The information in this thread might be outdated
If the solution did not help, please, check our Help Portal or contact Ecwid Team.
 
 
Thread Tools Display Modes
  #1  
Old 08-15-2012, 10:11 PM
Sachin Pikle's Avatar
Sachin Pikle is offline
Junior Member
 
Join Date: Aug 2012
Location: India
Posts: 21
Default

Emailing customer's password (forgot password)


I am not comfortable sending customer's password in an email. Even though we have a note to change the password, the system doesn't force the customer to change it. Is there a way to send a temporary system generated password in the email and force the customer to reset it when he signs in to the site with the temporary password?
  #2  
Old 08-16-2012, 12:57 PM
Kess's Avatar
Kess Kess is offline
Senior Member
 
Join Date: Feb 2012
Posts: 2,071
Default

Unfortunately, there is no way to change this behavior at the moment. But we understand that this is really not secure to send the passwords as plain text is insecure, so we will definitely change this behavior. We have the corresponding changes planned in our roadmap, so this will be included into one of the coming Ecwid versions.

Last edited by Kess; 08-16-2012 at 01:44 PM.
  #3  
Old 08-16-2012, 03:55 PM
Sachin Pikle's Avatar
Sachin Pikle Sachin Pikle is offline
Junior Member
 
Join Date: Aug 2012
Location: India
Posts: 21
Default

Thanks Kess. Do you have an ETA for this feature?
  #4  
Old 08-17-2012, 10:48 AM
Kess's Avatar
Kess Kess is offline
Senior Member
 
Join Date: Feb 2012
Posts: 2,071
Default

Unfortunately, no exact ETA yet, but we will do our best to make these changes as soon as possible.
  #5  
Old 08-17-2012, 04:06 PM
Sachin Pikle's Avatar
Sachin Pikle Sachin Pikle is offline
Junior Member
 
Join Date: Aug 2012
Location: India
Posts: 21
Default

At the moment it looks I will be using the paid subscription. Will that help influence the ETA?

Also, does it mean that ecwid stores customer's password as un-encrypted plain text?

Last edited by Sachin Pikle; 08-17-2012 at 04:08 PM.
  #6  
Old 08-19-2012, 05:40 PM
Eugene Rimmer's Avatar
Eugene Rimmer Eugene Rimmer is offline
Senior Member
 
Join Date: Jan 2011
Location: Ecwid headquarters
Posts: 7,765
Default

Quote:
Originally Posted by Sachin Pikle View Post
At the moment it looks I will be using the paid subscription. Will that help influence the ETA?

Also, does it mean that ecwid stores customer's password as un-encrypted plain text?
Sorry, but since the feature is not yet in the development plan, the exact ETA may not be estimated.

As for the way of storing customer passwords, Ecwid keeps them in a secure format that can be decrypted back to the actual text, once you have the algorithm and the key. We initially thought the password restoration that does actually bring you your forgotten password is what most users would expect, so we did it this way, unlike the other solutions that send the customer through the hurdle of changing it. But now we consider this is not the best recognized idea as people are really expecting us to change the password, not decrypt, so we are going to change that soon.
  #7  
Old 08-20-2012, 06:18 PM
Sachin Pikle's Avatar
Sachin Pikle Sachin Pikle is offline
Junior Member
 
Join Date: Aug 2012
Location: India
Posts: 21
Default

Thanks Eugene. Hoping to see this feature implemented soon! :-)
 
The information in this thread might be outdated
If the solution did not help, please, check our Help Portal or contact Ecwid Team.

Tags
force password change, temporary password

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:13 PM.
Powered by vBulletin® Version 3.8.11. Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.