Melbourneit.com.au sends account credentials in plain text

[-NC-]

I created an account at melbourneit.com.au out of interest - let's see what this corporate registrar is like, expecting security to be tight.

As soon as I created an account, they sent me an email with both the username and password shown in plain text.

I was going to transfer a name to them just to fully test out their control panel, but after this most basic security failure I don't need to do any more research to decide that their system is not fit for purpose.

 

[Kate]

Playing the devil's advocate... even though they sent you the password in clear text, that doesn't mean it is stored in plain text. The script may have sent the password as you typed it, but stored it in encrypted form. Try the password reminder feature, if you get the password back in clear text, you know it's not encrypted in the DB.
Melb is one of the registrars that were recently affected by the Linode breach, so they need to beef up security.

 

[-NC-]

That's beside the point. Unencrypted email is not a secure form of communication. A common analogy is to liken email to a postcard. Anyone in the delivery route can read it.

---------- Post added at 10:36 PM ---------- Previous post was at 10:22 PM ----------

Try the password reminder feature

Good idea. Tried it. They send you a new password. Helpfully, they include your username in the email, once again sending all the info needed to login to the account over the internet in plain text.

 

[SearchEngineZ]

I am a customer only due to the occasional auction win.

I have spent 30 minutes on the phone, with them a few days ago (after they never responded to a contact form request) just to get a clienttransferprohibited lock removed from a domain name.

And then 20 minutes today because they had failed to do it.

Combine this with them being very expensive and I'd rate them as one of the worst large registrars.