Communicating Passwords

**vandalais** · 06-12-2011, 09:27 PM

Anyone have a good solution for communicating passwords to and from clients that aren't in clear text? This is not necessarily a WP only issue but I prefer to support via e-mail and I don't want clients to just send me their passwords in clear text either.

Thanks,
Keith

**Ryan** · 06-13-2011, 03:13 AM

I wouldn't communicate them at all.

What do you need to transfer passwords for?

**dgwyer** · 06-13-2011, 03:22 AM

You could add them to a password protected zip file (containing a plain text file), or a password protected Word document.

**Ryan** · 06-13-2011, 05:41 AM

But then you would need to find a way to send the password for the zip or Word document.

**vandalais** · 06-13-2011, 07:46 AM

I need a password to work on a client's site. I ask them to set up a temporary account with admin access but WP sends this emal via clear text. Is there any Way to change this in WP? I am also looking for a solution for cPannel. I'm not sure if some of my clients could even zip a file. The solution must be extremely easy.

Thanks,
Keith

**andreasnrb** · 06-13-2011, 10:26 AM

They could call you and tell you the password over the phone or you call them and tell them the password to use =).
Anyway clear text password in email is only a problem if its intercepted. In most cases very unlikely. If you get the email and login and change the password theres no problem. No need to overcomplicate things if you don't have to.
PS
You disable the email sending feature in WP settings.

**vandalais** · 06-13-2011, 10:36 AM

A lot of my sites are e-com sites so I'd rather be on the safe side. The reason I'm concerned is because one particular client must have an unsecured wifi or hacked mail account as I get spam mail from her. So does WP not encrypt password? How else would they be able to send passwords in clear text?

**Ryan** · 06-13-2011, 04:45 PM

Originally Posted by vandalais

I need a password to work on a client's site. I ask them to set up a temporary account with admin access but WP sends this emal via clear text. Is there any Way to change this in WP?

Yes, simply don't ask them to send you a password at all. Instead, ask them to setup user registration, so that you can register yourself. Then once you've done that, have them upgrade your permissions to administrator level.

Originally Posted by vandalais

So does WP not encrypt password? How else would they be able to send passwords in clear text?

There are various ways to encrypt passwords via web software, but WordPress doesn't use any of them as they're generally a pain in the neck and usually require some sort of keygen to work. The standard route is to use an SSL connection which WordPress does support, but you need to set up a certificate etc. and change a few settings in WordPress to make it work. WordPress.com for example uses SSL on it's login pages, and there is an option in the WP.com admin panel to use SSL across the entire admin panel, but it causes a slight reduction in site performance in the process.

**andreasnrb** · 06-13-2011, 05:28 PM

Originally Posted by vandalais

A lot of my sites are e-com sites so I'd rather be on the safe side. The reason I'm concerned is because one particular client must have an unsecured wifi or hacked mail account as I get spam mail from her. So does WP not encrypt password? How else would they be able to send passwords in clear text?

Email spoofing can be done without hacking the owners email account. And its WordPress on a host that sends the email not software on her computer. But like Ryan writes if its easy to just setup and registration form just do that instead.

**vandalais** · 06-13-2011, 07:44 PM

Thanks for all the great information. I really appreciate the help.

Thanks,
Keith

Thread: Communicating Passwords

LinkBack

Thread Tools

Display

Communicating Passwords

Posting Permissions