Hide Password on "New Account Email"
The new account email currently shows both the login and password details. This is a potential security risk and we would like the ability to remove this aspect of the email.
-
Following a fairly recent Lloyd's Coverholder audit, the report made recommendations that lost/forgotten emails should be dealt with via a "reset" email link rather than including the password in the email.
The auditors concerned felt that the current procedure has a number of inherent security issues for the customer's account, especially when most people, rightly or wrongly, do tend to use the same password over a number of websites.
This is an issue which should be treated with the highest priority.
For example, should you forget your email to log in to this support site, you will be sent a password reset link and not by email.
Comments and thoughts from SchemeServe would be interesting as to why they feel the current process is secure.