To whom it may concern
I find myself compelled to write and complain about yet another problem with 1&1 and their treatment of customers. Having been a 1&1 client for several years and having recommended 1&1 to several other friends and colleagues, I find myself more and more disillusioned with the way in which 1&1 treats it's customers. Your services are good and fairly priced when they work - but your customer service is appalling and I won't be recommending you to anyone else in the future.
Today I logged into my admin control panel in order to retrieve the passwords for my MySQL database as I needed them for an installation for a client. I went to the MySQL admin page as I have done time and time again to retrieve not only my password, but also the database name and other information. After about 15 seconds of scratching my head I realised that the password was nowhere to be found. I looked through several pages of the control panel to see if all of my passwords had been moved into one location, but I was unable to find anything. I then checked my FTP settings page in the control panel and to my dismay discovered this password had disappeared as well.
I presumed the passwords have been moved somewhere else - and decided to check the 1&1 FAQ in order to find them. Several search terms later there was still no mention at all of where I may find my passwords - the passwords I'm trying to gain access to having already entered my master account password into the 'secure' admin control panel. After wasting over 10 minutes of my time trying to find the password to services I am paying for I decided to call support.
Unusually, I got through to support very quickly. But as ever the line quality was awful and I could barely hear the customer service staff on the other end of the phone. I wonder why "The World's No.1" (to quote your website) can't even provide decent quality phone support? Why are you using inadequate VOIP services to pipe my call to uninterested operators in the USA, is my custom worth this little to you?
Whilst battling to hear what the customer services operator was saying I was told that due to a change in security policy, I am no long allowed access to my passwords - passwords for the services I am paying you for! I asked when this new 'policy' was implemented as never before had I been told I wasn't allowed to access passwords to a service I was paying for. "It changed last month" I was told. I then enquired why, as a paying customer I hadn't been informed of this change beforehand? The response? "Well, we've had lots of people complaints about this". Hardly the answer I was looking for. But hardly a surprise either given 1&1's track record. Following this comment I asked where I could send a complaint as quite frankly this kind of service is an insult.
Firstly, I would like to know why I am being refused access to password for a service I am paying for?
I have already entered my email address and password in order to gain access to these additional passwords in the control panel and I see this as more than enough to prove my credentials and gain access to a service I am paying for. To be told I cannot access these passwords and the only solution is to create new ones is not acceptable. I have scripts and applications on client's websites using both FTP and MySQL to access to my 1&1 account and you expect me to create new passwords and then manually reconfigure all of these scripts all because 1&1 decided to change their security policy, without having the common courtesy to give me any warning? If I ran my business like this I'd have no clients.
I was also told by the customer service operator to create new password and "write them down somewhere so I don't forget them". How is this more secure than accessing them through an encrypted website? This goes against all basic password security advice!
Secondly, I would like to know why I wasn't informed of the policy change that means I can no longer access my passwords? Why was I not notified by email, letter, or telephone and given the chance to make a record of all of my passwords before they were hidden from me?
Thirdly, I would still like to be given access to my current passwords so that I can now make a record of them. What can be done about this? Changing them all and the knock-on affect of having to edit the multiple sites that access them will cause me a considerable inconvenience and I would like to know what 1&1 will do about this, particularly seeing as the change was made without any notice.
I have wondered why the sudden change in security policy. Perhaps the 1&1 control panel isn't so secure after all? Perhaps 1&1 don't want to be liable for passwords being stolen and customers websites being affected? Perhaps in making this change you can now shift blame to customers - "We don't have access to your passwords any more, they are your responsibility so breaches aren't our fault." And yet, 1&1 is still happy to store my credit card and billing details in the very same 'secure' control panel?
I'm sure I will receive the bog standard 'sorry' response, along with some excuse about how this security policy change is in the interest of customers. But what is not in my interest in any way, shape, or form is the way 1&1 have dealt with this matter.
Regards,
James Clarke
read more here
No comments:
Post a Comment