Hide Customer Passwords | Voters

Hide Customer Passwords

complete

Paul

Its probably best to hide the customer login password, although they are generated by rewards, if a customer changes it to their own personel secret password we can see it, which is a GDPR issue.

October 29, 2019

Neil McQuillan - CEO Citrus-Lime

marked this post as

complete

This is not an issue in version 2.0 of the product which has been in production since 2020. I'd missed this but I'm closing now as completed.

Neil McQuillan - CEO Citrus-Lime

This was resolved in the move to CustomerRewards 2.

Steven Sproat

The bigger issue is that passwords are not encrypted upon storage...

Jon Mayo

It's even worse that just being able to see passwords in the back of customer rewards. The system sends emails to customers with their own password in plain text within them. Which is a serious issue. You should NEVER send a password within an email, instead a password reset is the process if they have forgotten it.