Doteasy is a domain registrar that is not worth your trust. How do I know? Because I host Flight Club with them, and when I went through their password retrieval process this evening, they sent me my password in an email.
Emailing passwords is a bad idea for (at least) two reasons:
- It means it’s likely the system storing the passwords does not encrypt the passwords, and encrypting passwords that you store is something they teach you in Web App Development 101.
- That email I got with my username and password went through the internet’s tubes, and at any point along those tubes it could be sniffed, captured and used for malicious purposes.
Here’s the email Doteasy sent me:
DOTEASY MEMBER REQUEST
As requested at Jul 05, 2010 21:28:11,
the login info for your Doteasy Hosting account is shown as follows.
Member ID..: flightclub
Password…: [my actual password]
‘Join the hosting revolution!’
Popularity: 3% [?]