>Personally, I'd rather require that $CUSTOMER call Tucows/etc., and
>provide proof of identity, the whole nine yards in the case of a forgotten
>password, than for someone to be able to sniff the password at some stage
>of e-mail and get it handed to them.
This is how you personally feel.
What do your customers want? Many of our customers are too busy with their
brick-and-mortar businesses to worry about doing the full 9 yards to prove
their identity as you mentioned.
It would seem appropriate that the RSP could obtain the password, call the
customer directly, and give them the password when requested.
Instead of using e-mail for this procedure, we could use the telephone
number. This way we'd only have to worry about wire-taps.
