Please don’t ask for my password

It’s been 3 months since I launched PicMos which is hosted on a linode 512. I’ve got 200GB of monthly data transfer with the plan out of which I’m using around 200MB per month (because of low on number of visitors and some basic optimization of the application) and the system is idle most of the time. I thought it is a good idea to move which is hosted with siteground to this linode so that I can save some bucks on hosting. I logged into my siteground account and looked around for an option to remove renewal of my hosting plan. The dashboard is pretty neat and I was able to find an option to cancel my hosting plan renewal. However, there was no direct option to keep my domain name up for renewal. I wasn’t sure if cancelling my hosting renewal will cancel my domain name renewal as well. So, I clicked on support and chose to chat with their support rep. I was quickly connected to a support guy and when I explained him of my requirement, he asked me for my account details. I gave him my username. He then asked me for my password. I said “You need my password?”. He replied explaining that the connection is encrypted with 256-bit encryption and it is safe for me to give my password to him. I said I’d rather do it myself if he tell me where I can find that option to remove just the hosting renewal. He agreed and told me the way to do it.

I think he shouldn’t have asked me for my password and nobody should. I know the connection is secure but still it is my password. They should have some mechanism built in so that the support guy is able to get into my account using my current active session. I’m not sure if it is the case with just siteground or  many others out there, but I’m not comfortable giving my password no matter how secure the connection is.

  • Angelo

    I always thought that it was common practice that employees at companies could not ask you for your password. 

  • Pablo

    Your answer and request for help on solving the problem yourself was totally right in my opinion, as an attack from a social engineer would be practically indistinguishable from the employee’s behavior. 

    • Anonymous

      Exactly! Like they say “On the internet, nobody knows you’re a dog.” I think it’s the employer’s responsibility to educate employees on things like this. I’m not sure if the employer is to be blamed or just the support person in my case though.

  • Arun Saragadam

    I guess its only the case with siteground. Not many companies do that.

  • jessor

    wrt/ picmos, please don’t automatically post on my wall ;)

    • Anonymous

      I think I’m posting only a message saying that you’re now using picmos. Will consider your suggestion :)