Password sent to customers in plain txt

[mcguffinbros]

Hi there,

How can stop sending the password in plain text (Really amazed bout this break in the customers security) after customer registration.

Thanks in advance to all the replays.

Cheers.

[Billy]

I wish I knew how to fix this. I have some really angry customers. Heck even the password reset sends a plain test password. Sure I can edit the registration email template but how do I fix the password reset?

[Billy]

If we could get the system to send an "image" of the password that would be a lot better. Maybe smarty could help with something like this but I have no idea where to even start.

[Billy]

Here is an old approach... Still doesn't seem to solve the complete issue unless I misread it.

http://www.prestashop.com/forums/viewthread/101141/general_discussion/removing_the_password_from_the_registration_email_v_dot_1_dot_3_dot_2

[pralbin]

I have the same issue. Many customers complaining about this. I don't think it's so smart either..

[philee]

It should be the same option as the administration forgot password set-up.

 

Where when you forgot your password it will automatically reset your password instead of showing the actual password.

[PrestaDesigner.com]

I think this is something which will be taken into consideration by the prestashop team

[MikeMc68]

Has this been fixed? I have had two complaints so far from customers that their password was sent to them in plain text!!!

[AKJV]

What I have done is the following:

 

 

1) Prevented password being sent in 'Welcome' email to customers upon registration.

 

I have deleted this part from the HTML code in account.html:

<br >Password: <strong>{passwd}</strong>

 

And deleted this from the account.txt:

Password: {passwd}

 

You can find these files in the /mails/xx folder (xx being your language code). Modify these files and upload them back again.

 

I added to both txt and HTML e-mail files a notification that passwords are not sent out for security reasons.

 

You should also be able to remove these password queries in your BO->Tools->Translations->E-mail template translations. But I don't like working with the built-in editor as it messes up my HTML code. The trick proposed in the previous (older) topic was to comment out the code, but perhaps that doesn't work with the built-in e-mail editor (possibly it removes comment tags from HTML code).

 

 

2) When customers forget their password, they can apply for a new one. They will then receive an e-mail (password.html or password.txt) with a new and randomly generated password. I have added text in this e-mail, urging them to change the new password in one of their own choice as soon as possible.

[megsmitley]

PrestaShop fans interested in having the password recovery process replaced with password reset and the ending of all clear text password transmissions may wish to vote up this improvement request http://forge.prestashop.com/browse/PSCFI-6300

 

Thanks, AKJV, for the interim workaround.

[benjamin utterback]

Thanks everybody for the Input. I definitely agree with megsmitley. Using the forge reporting center is the best way to vote up improvements for future software versions.