
Ask HN: Customer support asked for my login/password, what should I do? - marcv81
I am using a device which syncs to the manufacturer&#x27;s cloud (major brand, you would know them). I reported a potential bug to their customer support. They asked for my login&#x2F;password to verify. The email headers appear legit, and they were not pushy when I proposed to send screen captures instead. What can I do to make the world a better and more secure place?
======
ploggingdev
Can you provide more details? What's the company, the device and what exactly
is the issue you are facing?

~~~
marcv81
I am not sure about naming the company, as I'm not sure it would help them
(but maybe?). The device is in the IoT/fitness space. I don't think explaining
good security practices to a customer support person is going to help as they
are just following their script. The bug is irrelevant to the security issue
of asking for a password; it is not a security bug itself.

