Hacker News new | ask | show | jobs
by Meekro 4462 days ago
Are there any web hosting companies that don't rely on the "send a reset link to your email address on file" model of password resets?

You're right, that model is deeply broken if anyone can intercept those emails (as happened in this case), but it seems unfair to single out ChunkHost for criticism.
1 comments
adambenayoun 4462 days ago
With that same logic in mind - we could say that anyone working at amazon AWS or Rackspace (or any other hosting companies) could gain access to your application.

The thing is we trust these companies to have processes in place so that their representatives won't have the ability to potentially do something destructive and if they can because they are the highest ranked rep and they need that kind of access - then at least auditing and training should be in place to avoid that kind of behavior.

link
unclebucknasty 4461 days ago
SoftLayer still asks for admin/root passwords to your boxes in pretty much any support scenario. Their ticketing system actually has a field for it in the submission form.

If you omit it, the assigned tech will frequently ask for it. Always sends a little shiver down my spine.

link