To all the LET VPS providers: why do you keep sending the password in plain text?

untitled

I've subscribed to more providers that advertised their offers on LET - thank you again LowEndTalk! . However most of them keep showing or sending me per email the password I've chosen for my new VPS with no protection as plain text. Emails telling me the VPS was activated, opened tickets about some different topic with the note that my password is "text" and so on...
I mean, we know you can see what we're doing, but using this sort of reminders reduces the user's privacy to zero. Besides that as you may know the email isn't the securest way to share sensitive data.
I hope maybe all the providers will change that in the future.
Thank you and I hope you'll all have a great BF 2024

tentor

Use SSH public keys then (it will prevent leak of your password)

VirtFusion has a warning in their email template:

{% if server_uses_password %}


To improve security, we recommend that you add an SSH key when creating a server.
{%- endif -%}

BruhGamer12

just change the password when you login.

untitled

@BruhGamer12 said:
just change the password when you login.

I am aware of this option and I use it in such cases.
It's just the idea of handling a password like a password

cybertech

its actually to encourage you to change upon first login.

balramm

If I don't send passwords by emails, most of my clients will get offended that they have to login to our client area to retrieve passwords, There is 1% of you who think it should not be in plain text remaining 99% choose to reset no matter how securely you send or they use ssh key.

yusra

As someone who actually has worked for some providers, I can guarantee you that if the provider doesn't include the password in the emails (yes, in plain-text), you will get numerous tickets asking where/what the password is.

sitss

so how should it be done? snail mail?

MannDude

We don't send it. It's randomly generated internally for the purpose of creating a VPS, but not sent to the customer. VPS welcome email tells you how to add your key or how to add / change the pass from the control panel.

No reason for your service provider to know your root pass unless they're managing your server.

stefeman

Just send one time link instead.

yoursunny

Our Antarctica IPv9 VPS not only send plain passwords but also encourage customers to post their passwords on LET.
We have advanced security based on brain connect technology, so that passwords are not at all important.

Neoon

Most of the Providers are using the same Billing or/and VPS Management software.

shruub

@yoursunny said:
Our Antarctica IPv9 VPS not only send plain passwords but also encourage customers to post their passwords on LET.
We have advanced security based on brain connect technology, so that passwords are not at all important.

IDontKnowHowPasswordManagersWork2020

(at least you don't know that my email is [email protected])

shruub

@cybertech said:
its actually to encourage you to change upon first login.

interesting, considering the average online customer.

default

Password must be sent in plain text if there is no SSH key option. Most customers will open tickets if they don't have that password easy to find in front of them.

The best solution is to simply include in email a notification like this: "Please change the password on your first login and don't forget to always use very strong and complex passwords everywhere!"

huntercop

KISS - keep it stupid simple