Passwords Plain Text

Jeff WormeJeff Worme Member Posts: 10
edited July 2018 in Accounts Hosted
Just contacted the help desk about getting password reset sent to us as plain text email. I am no security expert but this is very bad security practice. If someone intercepts the email or hacks my email account they have everything they need to login to my file. Also the passwords must be stored on their servers as plain text.Banks, in fact I don't know of any other company that does this. The help desk flogged me off. Might have to list Reckon on the website Makes you think that Reckon does not care about our security. They don't even seem to understand this is an issue.


  • Shayne McNamaraShayne McNamara Member Posts: 51
    edited July 2018
    To be honest I am not surprised.  They can't even email their own invoices to us for our monthly subscription without having to manually remember to do this.  I think they are an accounting company not a computer company and it shows.  Xero I think are the other way around but until they change their model slightly and have better stock integration we are stuck with Reckon.  One day though!!
  • RavRav Administrator Posts: 9,759 Administrator
    edited December 2017
    Hi Jeff,
    Apologies for the delay in getting back to you. In regard to the concerns you've raised, I can certainly understand where you're coming from and after speaking to the Hosted team, I'm happy to advise we have come changes coming up which will address this along with other areas of Hosted operations.

    We are currently in the process of updating our products to enhance various areas including security, this started with Reckon One and its move to the new Reckon Portal. In the first half of 2018 Hosted will make a similar move which will introduce new security processes around password resets and as such plain text passwords will no longer be an option.

    More info will follow as we get closer towards release.

    Hope that helps alleviate some concerns.

  • Jeff WormeJeff Worme Member Posts: 10
    edited December 2017
    At least someone has finally acknowledged it as a concern. As for taking months to fix. Not really good enough when it comes to security. 
Sign In or Register to comment.