WHY do you need my password, oh shitty Tech Support?

So I recently signed up for webhosting through a company that offered a damn good deal. Shoulda been my first heads up. Took them a week to set up the service because they had to ‘verify’ my home phone number. Wtf? What’s the point of that? Whatever…they finally ‘verified’ it by calling at 9pm and when I said hello, all I got was a robotic voice saying “HELLO” and then click, hangs up on me.

At this point I’m like, what have I gotten myself into? A quick google (which, I admit I should have done first) revealed LOTS of complaints in regards to customer service on this. Great…but I’m stuck now since they have a no refund policy. I figure I’ll be fine as long as I don’t need customer service.

So they have these PHP applications that you can install on your site via your website control panel. I haven’t the first clue how PHP works so I thought this was handy. One of them was a statistics application to track traffic and such (which, they also never provided via their control panel). So I start to install it, fill in the correct information and finish up. It does its thing for a second and then I get “Error sapp_install_failed” …Huh? So I try again. Same thing.

So I hop on over to the Support section and send out a ticket asking for help on what I’m doing wrong. Well I TRY to. They have a ridiculous 110 character limit on this damn thing AND it automatically puts everything in lower case. UGH. So I just write what I want, and the error I got. Send it off and wait.

A day later (yesterday) I get an ‘apology’ and am told they’ll install it for me once I tell them what folder I want it in. I tell them and wait. Today I get a new email saying they’re having trouble logging into my control panel with the password on file and will need my password to access it. Wtf? I’ve never heard of any tech support EVER needing a password to address a problem. At least not in a situation like this. If they need to log into my control panel, they’re obviously not going to see anything different than I see. And if they’re logging in because they know how to install it correctly, just TELL me and I’ll do it again. I sent them an email saying basically that.

So…am I being overly paranoid about handing out my password? I am FAR from impressed with this company so far. And from the emails I’ve received I’m guessing they outsource their tech support to people with horrible English skills. It just seems to me that they either don’t know what the error means or just assume I’m an idiot and they’ll just do it themselves.

The telephone verification is a pretty standard practice. Hosting companies have to be careful about people opening accounts, and using them to put up phishing or spamming sites, posting kiddie porn, etc. People who do things like that don’t give out their real telephone numbers - they go to great lengths to prevent being tracked. A quick telephone number check eliminates a lot of problems.

But doing it automatically obviously accomplishes nothing, since the “bad guy” could provide any working phone number. To be effective, the verification needs to be done by a human. You answer the phone, and they say, “Hi, this is XYZ hosting. To whom am I speaking?” If you say, “AngelSoft,” they know the phone number is legit.

There’s no need to be paranoid about giving them your password. The admin of a system has access to all your stuff, anyway. Just change the password after they’ve done their bit.

However, I’ve never heard of a hosting company having your password on file. In a typical system, passwords are one-way encrypted. There isn’t a file where you can go and look them up - that’s an enormous security hole.

And I can’t imagine a hosting company needing your password to access your stuff. This tells me that you may be dealing with some kind of reseller operation. In other words, they buy a hosting account from a real web host, and then sell chunks of it to other people. They don’t actually have “admin” rights to the server.

Everything you say about this company tells me that you should run the other way. Sorry there isn’t a way to get your money back. For a measly $7 a month ($4 if you stumble onto one of their promotions), you can get pretty solid, reliable hosting, with 24x7 “live chat” support, no long-term commitment (prorated refund at any time, for any reason), etc. PM me if you want a recommendation.

What **Early Out **said. Whatever you’ve already paid for these bozos, it’s nothing compared to what it will cost you later in heartache and trouble if you ever get your site up and working for you.

Once you have some traffic, the last thing you’ll want to do is change your url. And if these bozos are also your name registrar, they’re gonna make it as hard as possible, or impossible, for you to move to another hoster & keep www.angelsoft.com or whatever for yourself.

Not in the slightest. No competent computer professional would ever ask you for a password – they should have administrator access to your account and do whatever they want. And if their company doesn’t trust them with admin access, it says a hell of a lot about the company’s belief in their competence.

And since people tend to reuse passwords - it isn’t impossible that asking for your password is a social engineering attempt to get into your other accounts.

Thanks for the advice guys. I just got another email from tech support. They said that it was strange, they couldn’t reproduce the error on the test or admin account and that it might be specific to my site. They’ll need to access my account to debug it. Yeah, well never mind at this point. I’ll go without the damn application before I let them into my account.

I wish I could go to another host but I was scraping the bottom of the barrel to pull together enough for this one…

If for some reason they do need to login to your account as you they should be able to reset the password themselves, and then email you saying we reset your password, login with this and change it again.

-Otanx