undefined | Better HN

0 pointsfreejack14y ago0 comments

"why would your team not opt for things that ARE vetted as being secure, trusted, open, and have widespread adoption?"

It was a classic case of letting product management opinion over-ride engineering implications. Namely, on behalf of customer service, I went to bat - hard - with the engineers, to give our CSRs a completely effective way to handle inbound password requests in cases where customers no longer had access to their email account. I can't remember the exact conversation, but I could see the engineers at the time characterizing it as "being over-ruled". Long story short, brought forward almost two-years - we've got a new team on the project and I have a much greater appreciation of the subtleties and trade-offs and we've still got some work to do to fix my mistakes.

0 comments

gnaritas14y ago

I'd hope in the future, when your engineers throw a fit, you take some time to learn why you're wrong up front rather than overruling them. This was a huge mistake on your part and it's now public; you have a limited amount of time to fix it before you're hacked.

freejackOP14y ago

There was a bit more to it than that, but on this specific point, lesson well learned. I rushed this instead of looking for an agreement - as they say, measure twice, cut once.

GigabyteCoin14y ago

What's to stop me (possible hover CSR, co-worker, whatever) from simply reading a high-profile customer's password and transferring all their million dollar domain names to me later that night when I get home from work?

I have a pretty good memory. I bet I could remember 5-10 simple passwords and email addresses without writing anything down. Chances are the idiots use the same password for their email anyways.

Muahahaha, I'm rich, and your company is going down the tubes in a lawsuit. See you later!

freejackOP14y ago

Industry secret - at the most basic level, registrar and registry staffers don't need access to a customer account to manipulate a domain name. We've implemented tons of controls to manage who can do what, etc. but relying on customer passwords to safeguard domain names from internal tampering isn't really a great tactic.

pavel_lishin14y ago

What about the same scenario, but instead of altering domain records, a CSR logs into the customer's e-mail account, or bank account, and starts wreaking havoc?

1 more reply

keeperofdakeys14y ago

"...to give our CSRs a completely effective way to handle inbound password requests in cases where customers no longer had access to their email account."

I personally don't see how having the plain-text passwords help in the case where the person owning the account doesn't have access to their email account. Since they don't have access, you can't exactly email them their password.

freejackOP14y ago

Most of our customer inquiries come in over the phone.

JonoW14y ago

Assuming you verify users over the phone securely, why not just reset their passwords for them with a one-time use, temporary password? Surely that's not much harder for the end-user to deal with, and then you needn't store their password...

bluedanieru14y ago

Hover customer here. Please don't do this again.

freejackOP14y ago

Absolutely.

j / k navigate · click thread line to collapse

0 pointsfreejack14y ago0 comments

"why would your team not opt for things that ARE vetted as being secure, trusted, open, and have widespread adoption?"

0 comments

gnaritas14y ago

freejackOP14y ago

There was a bit more to it than that, but on this specific point, lesson well learned. I rushed this instead of looking for an agreement - as they say, measure twice, cut once.

GigabyteCoin14y ago

I have a pretty good memory. I bet I could remember 5-10 simple passwords and email addresses without writing anything down. Chances are the idiots use the same password for their email anyways.

Muahahaha, I'm rich, and your company is going down the tubes in a lawsuit. See you later!

freejackOP14y ago

pavel_lishin14y ago

What about the same scenario, but instead of altering domain records, a CSR logs into the customer's e-mail account, or bank account, and starts wreaking havoc?

1 more reply

keeperofdakeys14y ago

"...to give our CSRs a completely effective way to handle inbound password requests in cases where customers no longer had access to their email account."

freejackOP14y ago

Most of our customer inquiries come in over the phone.

JonoW14y ago

bluedanieru14y ago

Hover customer here. Please don't do this again.

freejackOP14y ago

Absolutely.

j / k navigate · click thread line to collapse