

Squarespace: They Asked for My Password. - steindavidb
http://www.keepitlit.co/blog/2014/2/14/im-leaving-squarespace-they-asked-for-my-password.html

======
colinbartlett
This is probably just some customer service mistake, not a systematic failure.

Why do people take isolated examples of uneducated, misinformed customer
service reps, and blow them into raging complaints damning the entire company?
I'm starting to see this regularly. Take a deep breath before you spew out
some diatribe on your blog.

~~~
RALaBarge
I think one of the comments someone left on the blog itself rings true:

"Wow, you are a hell customer."

I'm willing to bet Squarespace is happy the OP is leaving their service, I
know I would be if I were in their shoes.

Granted, it is a case of bad support, but as Colin mentions, it is likely an
issue with an under trained new hire, not a systematic failure.

~~~
rmrfrmrf
Hmmm smells like the HN misogynists are out again. Someone should really do a
sentiment analysis on HN comments based on author gender.

~~~
xauronx
If it helps anything, I came to the same conclusion and didn't realize the
author was a female until your post brought it to focus.

~~~
Ensorceled
Well, it helps that you didn't call her an "egotistical bitch" :-)

You can agree that she might be wrong but I think the sentiment is that some
of the people that are disagreeing with her are being specifically sexist in
their method of disagreement.

------
christacollins
Hey folks, Christa from Squarespace here. I'm the VP of Customer Care, and
would appreciate a moment to respond to some of the comments and concerns
expressed here.

To be clear, it is our stated policy to not ask for security credentials over
email. All of our 150+ customer care team members receive proper training,
both during on-boarding and on an ongoing basis.

This incident was quite simply an example of human error. The support request
was troubleshooting a mobile app interaction with our legacy Squarespace 5
product. This is a rare example of our team not being able to login as the
user. One of my team members made a mistake, and for that our entire team
apologizes. The proper action would have been to escalate to engineering or
ask the customer to create a temporary password.

We will of course use this as a teaching moment and continue to strive each
and every day to improve in our efforts to deliver world class support to all
of our customers.

Sincerely,

Christa

------
andrewjkerr
I actually encountered this with my registrar Enom. I reached out to them on
Twitter with no response, but, in their FAQ section, sure enough the
instructions were to email your domain name and password.

Needless to say, I changed that password and jumped ship. If any service
requires your password as verification, it's definitely a good idea to look
into other services.

------
purge
I was somewhat dumbfounded when I was asked for my apple id and password when
I went to get my screen replaced at the apple store.

After some debate with more senior team members, I reset my password to
something generic and gave it to them, but it sets a bad precedent for
customers who should be educated into never giving their password, under any
circumstances.

------
iagooar
You should write Squarespace and ask if this is their standard process. I
suspect that it could be a new support employee who is still learning how to
handle this kind of stuff.

~~~
danpalmer
I can see a few possibilities here:

1\. Squarespace don't have the engineering to support their support team's
work, therefore they need passwords. This is unlikely, but if it's the case,
people should avoid Squarespace, or at least using their support system.

2\. They do have the engineering support, but their support team don't know
how to use it and just ask for passwords. Given how much they emphasize
support, I find this unlikely, but again, if the case you should avoid using
them.

3\. A new starter on the support team hasn't been run through all of the
details about how to use the support system yet. This strikes me as the most
likely, and not grounds for avoiding Squarespace. It should be pointed out to
them, privately, so that they can emphasize customer password security in
their training process for support staff.

~~~
grayrest
I worked at Squarespace for two years as a developer. Neither support nor
engineering needs a password to diagnose and fix problems. I can't actually
think of anything on the system that would require this so my first thought is
that the support rep's machine or account has been compromised. Could also be
an extremely poor decision on the rep's part but I never ran across another
case in a couple hundred escalated issues.

~~~
danpalmer
Exactly, every web platform that gets anywhere near the size of Squarespace
would have systems in place to support this.

------
PaulFreund
Another way to look at this is to be happy that they had to ask for the
password...

~~~
Kesty
While it means that customer repcan not see the password or that the password
is hased, they should have a system to let them acces your account without
asking for your password.

------
rmrfrmrf
Yikes! So glad to know that these type of things are being broadcast to the
wider Internet community. I know quite a few people that use squarespace; I'll
make sure to let them know.

------
Ensorceled
Years ago I tried out SquareSpace and was having problems copy and pasting
content into their editor. Basically they told me to first paste into
TextEdit, convert to plain text and copy and then paste from there. When I
explained that was a non-starter they pointed out I could switch to Windows
and use IE or Firefox.

Yes, SquareSpace customer support actually recommended I switch from Mac to
Windows to use their service.

------
henderjon
If they're trying to recreate the issue, and are unable to do so, doesn't it
speak well of SS that they DO NOT have a way to access a users account?
Granted, asking for a password is poor form, but if that's the ONLY way to
recreate an issue given that SS can't just access a users account, I don't
think its worth blasting them for it.

------
cliveowen
I didn't know you could host a static website on DropBox.

Anyone knows how much traffic can handle such a site?

~~~
mikegillman
Yeah, that's not going to work very well.

~~~
ryanmo
It will work fine for low traffic sites if hosted out of the now deprecated
Public folder.

Sites like pancake.io, scriptogr.am or site44.com use the API, which don't
have bandwidth caps on the Dropbox side

~~~
cliveowen
What do you mean out of the public folder?

~~~
ryanmo
[https://www.dropbox.com/help/16](https://www.dropbox.com/help/16)

Easy way to host files, including html files

------
narag
No big deal. But requesting top posting _in red_ is outraging :-)

------
mastersk3
It is obviously a case of untrained, newbie customer rep who would've thought
'Getting access" meant requesting Username and Password.

------
surjithctly
Glad they didn't ask mail password :-P

~~~
danpalmer
Given that most people re-use a very small set of passwords across many
services, they essentially did.

------
bevacqua
The comments in that article are too damn retrograde

