Announcement

Collapse
No announcement yet.

Sending password in almost all emails???

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Sending password in almost all emails???

    Am I stupid? What am I missing? Why would 3dcart think sending the customers password in almost every email is a good thing?

    I am trying to understand why a password is even needed if it is sent in almost every email the customer gets and in every email the 'Merchant' gets? Email is NOT secure and to send the password makes no sense to me.

    The only time a password should be emailed is when the customer cannot remember it, right?

    I have just spent a lot of time going through the emails and removing the password from them on all except the 'Lost Password' email.

    Isn't the password supposed to make the customer account secure? If not what is it used for?

    Anyone have any answers to these questions? I would really appreciate knowing them.

    Thanks,
    ken

  • #2
    You can easily edit out the passwords by altering the email templates.

    Comment


    • #3
      This is being changed in 3.2
      But if you want to take care of this this instant, you can open the emails from

      Settings->Design->Emails

      And remove [password] from the emails (New order email specifically).
      ----------------------------
      Gonzalo Gil
      3dCart Support
      800-828-6650 x111

      Comment


      • #4
        Hi Guys,

        Thanks. I did go in and remove it from all the emails but I was wondering why it was there in the first place. Am I missing some reason it needs to be sent all the time?

        I know from previous experience with other shopping carts a few of our customers were extremely upset about having their password in emails. So that is why I removed it.

        But why was it that 3dcart put it in them? Maybe it was an oversight on their part but if not I would like to know because it may actually make sense to have it in them.

        Thanks again.
        Ken

        Comment


        • #5
          The idea was that having the login/pass there would make it easy for them to re-log in if they wanted to without having to think of the password they used.

          Since we don't store credit card data, the very most a hacker that also has access to their email could do is look at their previous orders, so security was not a big concern.

          We have gotten a few requests to remove it, so this is why we chose to do so on V 3.2.
          ----------------------------
          Gonzalo Gil
          3dCart Support
          800-828-6650 x111

          Comment


          • #6
            Thanks, I understand now. I forgot the credit card info is not stored. Still some people are very protective of their address and phone numbers so I am glad I removed the password.

            Thanks,

            Ken

            Comment


            • #7
              Since most people use the same password for many things, a hacker may not be able to get cc info from here but they could use the password elsewhere and get info.

              But yes, we removed this from all our emails as soon as we noticed it was there. Glad to hear this will be implemented in the next release.

              Comment

              Working...
              X