interesting chat with WSEX support

[Alobar]

I dont have a problem with the employees seeing my password. Everyone here realizes that all of thier financial information is freely available to hundreds of various employees everyday right? The bank is the perfect example. Your account number and routing number and TONS of personal info (social security number etc) is available to many bank employees...are you gunna stop putting your money in a bank now because the employee could misuse that info?


The problem I see with what happened here isnt that the employee can see his password, its that he GAVE the customer the new password over the phone. It should have been emailed to the email account they have on file. That way if it was someone trying to hack him, theyd at least have to have access to his email account, not just know the address.

[OldLearner]

This is fairly common practice for Password "resets" in the industry.

Some sites can automatically send you the value of your password based on a hint you have previously given.

Some sites, many of the ones I work with, give you a NEW password because they cannot see the value of your old one.
So they make one up, give it to you, and you change it immediately.

This may be the case here. I see no problem.