Folks,
My newly created users received passwords in their confirmation emails in plain text.
I would like to avoid having my passwords compromised in this way.
Why do you bother encrypting the password, and having users type it in twice, if you are going to transmit the password in plain text?
I am sorry to be upset about this, but now there is yet another password that I cannot use.
Thanks
Mitch
Hello Mitch,
Thank you for posting - an important topic.
The easiest way to avoid having the passwords sent to your newly created users is to not check the box that says "send user a confirmation" - as this includes the password. Simply leave this box unchecked. Also, do not send yourself a confirmation when you create new users.
The general rule of thumb about passwords is to never use passwords on public systems (internet) that correlate to passwords on private systems.
In other words, never use sensitive passwords (for servers, bank accounts, etc.) in other situations such as email login or shopping portals.
Abiding by this rule is the safest method.
Specific to our system, the reason that you see black dots instead of characters is a browser default activated when you type characters into a password field.
The reason that you enter the password twice is to eliminate typos which will later prevent you from logging in.
In our system there are two places where passwords are generated in plain text in emails:
1. leaving the login blank and then pressing enter - password retrieval
2. adding a user and selecting to send yourself or the new user details
So, you can avoid having the password sent anywhere by a) not requesting the password and b) not selecting to send yourself, or the new user, the password when you add a new user.
Of course we share your concern that passwords should remain secure.
Please note that we have never had a security issue reported to us in the more than 20,000 trials which have been created.
The alternative to how we currently manage our security would make it a lot harder for our visitors to keep track of their access, as we would have to set up a system of confirmation and verification, if we were not to send any passwords through email.
We hope that this addresses your concerns; if not, please take up further contact with us, and we can proceed from there.
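
The "system of confirmation and verification" that the reply names as the alternative to emailing passwords can be built around a single-use, expiring link. The following is an added example, not the vendor's code; the in-memory store, the function names, the one-hour lifetime and the `example.invalid` URL are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlencode

TOKEN_TTL_SECONDS = 3600  # assumed lifetime: one hour
_pending = {}  # hypothetical store: user -> (sha256 of token, expiry time)


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(user, now=None):
    """Create a random token; only its hash is kept server-side."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    _pending[user] = (_digest(token), now + TOKEN_TTL_SECONDS)
    return token


def build_email(user, token):
    """The confirmation mail carries a link, never a password."""
    query = urlencode({"user": user, "token": token})
    return (f"Hello {user},\n"
            "Choose your password here (valid one hour, usable once):\n"
            f"https://app.example.invalid/set-password?{query}\n")  # constructed URL


def redeem_token(user, token, now=None):
    """True exactly once for a valid, unexpired token; False otherwise."""
    now = time.time() if now is None else now
    record = _pending.get(user)
    if record is None:
        return False
    stored, expiry = record
    if now > expiry:
        del _pending[user]  # expired links are discarded
        return False
    if not hmac.compare_digest(stored, _digest(token)):
        return False
    del _pending[user]  # single use: a replayed link is rejected
    return True
```

A mailbox that is read later by someone else then holds only a spent or expired link, and the password itself is typed by the user over the site's own form.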