I have been contacted by a customer who works in the I.T. security industry and he has suggested that the password reset protocol is not secure and should be changed. He is not offering to do it or anything like that, there is nothing in it for him, it's purely free advice. I initially chatted to him over the phone and as I didn't quite understand the issue, he kindly sent me an email and now I understand. Please see below and advise your thoughts.
To whom it may concern,

I am writing to suggest a review of your current password reset process. I recently reset my password for your website and was sent a replacement password in plain text via email. This is not considered good security practice and raises concerns to me around the credential handling and the overall security design of the account recovery process.

Best practice would normally be to issue a time-limited reset link or token and require the user to set their own password, rather than transmitting a password by email. Sending credentials in plain text creates unnecessary risk, particularly if mailboxes are compromised, messages are retained long-term, or email forwarding rules are in place.

I understand your website or IT environment may be managed by an outsourced provider, but I recommend this issue be raised with whoever is responsible for your application support and security controls. It would be prudent to confirm that, or look to implement a system where:

- Passwords are securely hashed and not stored in a retrievable form
- Password resets use expiring, one-time tokens
- Any temporary access method requires immediate password change on first login

Note that this is not a complaint, just information / constructive feedback intended to improve the security posture of your system to help protect customer information.

Regards,
A Concerned Customer.
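To make the customer's three recommendations concrete, here is an added example of a token-based reset flow (illustration only, not the store's own code or anything from the original post). It assumes an in-memory dictionary in place of a real user database, Python's standard-library `hashlib.scrypt` for password hashing and `secrets` for token generation, and an assumed 15-minute token lifetime. Only a hash of the reset token is stored, the token is consumed on first use, and the user supplies the new password themselves, so no password ever travels by email.

```python
"""Token-based password reset (added example, not the site's own code).

Assumptions not taken from the original post: an in-memory dict stands in
for the user table, scrypt is used for password hashing, and reset links
live for 15 minutes.
"""
import hashlib
import hmac
import os
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime of a reset link


def hash_password(password, salt=None):
    """Return (salt, scrypt digest). The plaintext password is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest


def verify_password(password, salt, digest):
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)  # constant-time compare


class AccountStore:
    """Constructed in-memory stand-in for a user table and a reset-token table."""

    def __init__(self):
        self.users = {}          # email -> {"salt": bytes, "hash": bytes}
        self.reset_tokens = {}   # sha256(token) -> {"email": str, "expires": float}

    def create_user(self, email, password):
        salt, digest = hash_password(password)
        self.users[email] = {"salt": salt, "hash": digest}

    def login(self, email, password):
        rec = self.users.get(email)
        if rec is None:
            return False
        return verify_password(password, rec["salt"], rec["hash"])

    def request_reset(self, email, now=None):
        """Issue a one-time token for the reset link.

        Only the token's hash is stored, so a copy of the database does not
        yield working reset links. Returns the token the e-mail link would
        carry, or None for unknown addresses (the HTTP response to the user
        should look the same in both cases to avoid confirming which
        addresses are registered).
        """
        now = time.time() if now is None else now
        if email not in self.users:
            return None
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).hexdigest()
        self.reset_tokens[key] = {"email": email, "expires": now + TOKEN_TTL_SECONDS}
        return token

    def complete_reset(self, token, new_password, now=None):
        """Consume the token (single use), reject it if expired, and let the
        user set their own password. Returns True on success."""
        now = time.time() if now is None else now
        key = hashlib.sha256(token.encode()).hexdigest()
        rec = self.reset_tokens.pop(key, None)  # pop: the token cannot be replayed
        if rec is None or now > rec["expires"]:
            return False
        self.create_user(rec["email"], new_password)  # overwrite with the new hash
        return True


if __name__ == "__main__":
    store = AccountStore()
    store.create_user("alice@example.com", "old-pass")
    token = store.request_reset("alice@example.com")
    print("reset completed:", store.complete_reset(token, "new-pass"))
    print("replay rejected:", not store.complete_reset(token, "again"))
```

The `now` parameter exists only so expiry can be exercised deterministically; in production the e-mail carries the token in a link, the server looks it up by hash, and the old password hash is replaced with the hash of whatever the user chooses.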