Doteasy is a domain registrar that is not worth your trust. How do I know? Because I host Flight Club with them, and when I went through their password retrieval process this evening, they sent me my password in an email.
Emailing passwords is a bad idea for (at least) two reasons:
- It means it’s likely the system storing the passwords does not encrypt the passwords, and encrypting passwords that you store is something they teach you in Web App Development 101.
- That email I got with my username and password went through the internet’s tubes, and at any point along those tubes it could be sniffed, captured and used for malicious purposes.
Here’s the email Doteasy sent me:
DOTEASY MEMBER REQUEST
—————————————————————–
As requested at Jul 05, 2010 21:28:11,
the login info for your Doteasy Hosting account is shown as follows.
Domain…..: flight-club.org
Member ID..: flightclub
Password…: [my actual password]
Thank you.
Doteasy Support
‘Join the hosting revolution!’
More From Joe Murphy's Local Journalism Blog
- One great mind-bender of an example of why copyediting is important:
- A quote worth sending to the folk in your online ad department
- What is “Local”?
Joe Murphy's Local Journalism Blog Recommends
- What time is the best to book a flight? 12 A.M. Eastern, apparently (Flight Blog)
- Denver Metro bloggers, raise your hand (and post a link to your blog here) (Joe, Write!)
- (no escort is required) (Joe, Write!)
- What Is A Blog Roll? (BlogGlue)
- “Glee” is contagious (Ostrow Off the Record)
- Content Marketing Is Hard (BlogGlue)
Popularity: 2% [?]
What makes you think they wouldn’t encrypt it? I generate a password, and it gets emailed, then I salt it and put it in the database. End transaction. What’s the problem?
Stick with GoDaddy Joe, you’ll thank yourself later. Granted, their backend UI used to be atrocious and is only marginally better after the redesign, but the pricing is still great.