Advertisement:

Author Topic: Registration Agreement  (Read 42531 times)

Offline Tw2Stefan

  • Newbie
  • *
  • Posts: 4
Registration Agreement
« on: January 08, 2018, 01:41:05 AM »
I'll preface this with: this is not a feature, but I'm not sure where else to put it.

The default registration agreement has the following:
Quote
you agree to never give your password out to another person except an administrator

That should obviously be removed, in my opinion. You should not give your password to anyone, even an administrator.

Offline CoreISP

  • Server Admin
  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,315
  • Gender: Male
  • CoreISP.net
    • liroyvh on LinkedIn
    • @liroyvh on Twitter
    • CoreISP Corporation :: WebHosting, Dedicated Servers, and more!
Re: Registration Agreement
« Reply #1 on: January 08, 2018, 02:15:58 AM »
Guess you could name it a bug if you see it that way.

Anyway, that one does have an idea behind it. Yes you should never give your password to anyone, although if you have a proper password policy (one password per site) it shouldn’t matter too much and change it afterwards.
That aside: users sometimes experience issues that can be easily verified/reproduced with account access, or experience login issues and claim their password isn’t working. The administrator is listed as an exception as they could help trying to debug when they have the password. That doesn’t mean you should give it or are forced to, rather the admin is exempt from the rule not to share it with “anyone” - as the sole exception, should there be a need for the admin to gain access to the account.

Of course the admin could also simply force a new password and test with that, but I don’t see a direct threat in making the admin an exception on “anyone”. The user may still choose to not share it or change it to a temporary password themselves as well, in which case you’re not sharing your regular password but still hand out *a* password to the administrator - which, if there would be no exception, would be in violation of the agreement... Its as safe as you make it yourself, but including all possible scenarios and best practices in the registration agreement is a bit overkill and likely counter productive.

So whilst I understand your point and its not invalid, I personally don’t see harm in keeping that line in there.
You can change it on your own forum though!
- CoreISP.net Corporation -
  WebHosting, Colocation, Domain Registration & Network Services
- DedicatedBox.us Servers -
  Low priced Servers in a high-quality Network, the place for all your (advanced) server needs.
  We specialize in hosting big boards. Contact us!

((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.