Under review

The ability to see users' passwords

Nick 8 years ago in BLOX CMS updated 8 years ago 11

I can't tell you how many times I've had a back and forth with a subscriber about their password magically changing and them not having access anymore. If this is via email it could take a day or two to resolve the issue. And most people I talk to assume I can see their password anyway.


So as long as no credit card information can be viewed, is it possible to allow admins at a certain level to view the password? It would make life so much easier and our customers so much happier for us to look it up and say:


"I can't log in because my password is wrong"

"Your password is '123456'"

Answer

+1

I think our preference would be that if someone calls because they can't log in, you reset their password. This can be done in the admin in the user account area. So, they can call and say they don't know their password, you change it to 123456, and then tell them that (or help them reset it themselves which teaches them to do it in the future). And then recommend they log in and change it. This way you don't get access to their original password (which could be used in other places).

+1

I'd think the best way is to just advise them to use the forgot password functionality. They get an email, click the link and can enter a new password without knowing the old one.

While I could see this being useful, the thought of the feature does make me twitchy. Brice's solution of just telling them to reset it also works to take us out of the loop quicker.


Unfortunately our CSRs are in the habit of asking readers for their passwords so that they can log in as the user to troubleshoot problems. I hate it in principle, but I guess the reality of it is that having the password doesn't really expose any information or give the CSRs access to something they don't already have.

+2

You can pretty easily become an unwitting man in the middle if you allow this. It's okay if someone tells you the password; that's their fault. But if you were allowed to see the passwords of all users? How many of those folks are using one password to rule them all? I mean, it's 2016, but you can bet most people aren't going through the trouble of two-factor authentication, having separate strong passwords for separate sites, etc. You might quickly find yourself giving out the Gmail and bank passwords of your users to strangers who claim to be them on the phone.

This sort of "social engineering" is a big part of what people call "hacking". Better to be out of the loop entirely.

You raise a good point.

That's the part that makes me twitchy. Good job laying out the issue.


I agree this makes the most sense. I guess I just get tired of people claiming they have been locked out of their account and blame our system for changing their password when the reality of it is that they just can't remember their own password. In a perfect world we could just tell them their password but I understand it's a security risk.


I typically have them tell me what they want their password to be because I know it's so much quicker than walking them through changing their password. And most of the people, even if you walk them through the process of changing the password, will still call back if it happens again.

+1

This brings up an interesting idea; what about an option to force a user password change upon next login?


This way we could set it to something generic, then the system will make them change it to something of their own choosing when they use it.

+1

Yes! You win the thread! I love that idea. Because if I set it to 123456 probably 90% of our subscribers are just going to use that rather than tracking down the page to change their password. It would be much better to prompt them to change it upon login.

+1

It's also important to note that our passwords are hashed with a one-way algorithm, so from a technical perspective we couldn't show passwords even if we wanted! :)
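The one-way hashing described in the last reply, combined with the "force a password change upon next login" option proposed earlier in the thread, as an added example in Python. This is not BLOX CMS code; the record layout, the PBKDF2 parameters and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Work factor for PBKDF2-HMAC-SHA256; kept modest here so the example runs
# quickly. A production deployment should tune this upward.
ITERATIONS = 100_000


@dataclass
class UserRecord:
    """Hypothetical stored credential: salt + one-way digest + reset flag.
    The cleartext password is never stored, so an admin cannot look it up."""
    salt: bytes
    digest: bytes
    must_change_password: bool = False


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def set_password(password: str, must_change: bool = False) -> UserRecord:
    salt = secrets.token_bytes(16)  # fresh per-user salt on every change
    return UserRecord(salt, _digest(password, salt), must_change)


def verify(record: UserRecord, password: str) -> bool:
    # Constant-time comparison so the check itself leaks nothing via timing.
    return hmac.compare_digest(_digest(password, record.salt), record.digest)


def admin_reset(record: UserRecord, temp_password: str) -> UserRecord:
    """Help-desk reset: overwrite the credential with a temporary password
    (e.g. the thread's '123456') and require a change at next login.
    The old password is neither recovered nor retained."""
    fresh = set_password(temp_password, must_change=True)
    record.salt, record.digest = fresh.salt, fresh.digest
    record.must_change_password = True
    return record


def login(record: UserRecord, password: str) -> str:
    """Returns 'denied', 'change_required' or 'ok'."""
    if not verify(record, password):
        return "denied"
    return "change_required" if record.must_change_password else "ok"


def change_password(record: UserRecord, old: str, new: str) -> bool:
    """User picks their own password; clears the forced-change flag."""
    if not verify(record, old):
        return False
    fresh = set_password(new)
    record.salt, record.digest = fresh.salt, fresh.digest
    record.must_change_password = False
    return True
```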