Earthlink Allows Tech Support to Access Users’ Passwords

As this Wired story reveals, Earthlink allows tech support representatives to see users’ passwords. This is just wrong, not to mention unprofessional, and begging for various nasty kinds of lawsuits, or worse.

Sure, users forgetting their passwords is one of the top three support issues, maybe even the top one, but you never give anyone access to a user’s password unless there’s a court order, especially if you are an ISP. If a user contacts tech support and needs a password, then tech support should simply reset the password to a random seven- or eight-character combination of numbers, letters, and punctuation marks, and give the user the information over the phone (after verifying the user’s right to the information). Then, tech support should send a follow-up email telling the user that the password was requested, and include instructions to reset the “new” password, with some advice about storing and selecting passwords.
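
The reset flow described above, as an added Python example (not from the original post or from Earthlink): the support tool overwrites the stored credential with a random temporary password and never reads the old one. The salted scrypt account store, the `must_change` flag and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation
TEMP_LENGTH = 8  # the post suggests seven or eight characters


def generate_temp_password(length=TEMP_LENGTH):
    """Draw from the OS CSPRNG until letters, digits and punctuation all appear."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def _hash(password, salt):
    # scrypt is an assumed choice of password hash; any slow salted KDF fits here.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)


def support_reset(accounts, username):
    """Replace the stored hash with one for a fresh temporary password.

    Returns the temporary password for the agent to read out after verifying
    the caller. The old password is never read and cannot be recovered.
    """
    salt = secrets.token_bytes(16)
    temp = generate_temp_password()
    # must_change (assumed flag) forces the user to pick a new password at login.
    accounts[username] = {"salt": salt, "hash": _hash(temp, salt), "must_change": True}
    return temp


def login(accounts, username, password):
    """Return (ok, must_change); hashes are compared in constant time."""
    rec = accounts.get(username)
    if rec is None:
        return False, False
    ok = hmac.compare_digest(rec["hash"], _hash(password, rec["salt"]))
    return ok, ok and rec["must_change"]
```

Because the account record holds only a salt and a hash, there is nothing for a support representative to look up; the only password the agent ever handles is the temporary one.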