This is probably just some customer service mistake, not a systematic failure.
Why do people take isolated examples of uneducated, misinformed customer service reps, and blow them into raging complaints damning the entire company? I'm starting to see this regularly. Take a deep breath before you spew out some diatribe on your blog.
If you understood how customer service business runs, you'd know that this is most definitely a systematic failure. I'm shocked how many people on HN seem to think that customer service reps act on their own volition. And if Squarespace is really that bold as to allow untrained individuals to handle customer service, the first thing they should be trained on is to NEVER ask for a password.
The author of this post is 100% correct in leaving a company she doesn't trust and warning readers that that behavior is entirely unacceptable.
If you understood how customer service business runs, you'd know that this is most definitely a systematic failure. I'm shocked how many people on HN seem to think that customer service reps act on their own volition.
There is no uniform customer service business or uniform training. Having worked in companies with support departments, there is a wide variance. Some are tightly scripted, others are given almost free reign and simply told to resolve issues quickly. edit: of course, password through email is big no-no.
No. There are plenty of services where your pw is encrypted locally, so your service provider CAN'T access your account to fix something without your password.
Many of the cloud storage providers do this. You want your files recovered, you'll have to hand over your pw (or not have the problem fixed).
Which is fair enough. As and when you find out that their support sucks, you look for better alternatives.
Just because you're still using some other services with crap support, doesn't mean that you shouldn't try to get better alternatives when you do find unacceptable behaviour.
Oh no, it's definitely the company's fault. Any real service where support may need to get involved will provide the support people with an admin interface or a way to login as the user without their password. That's the standard way to do it.
If they didn't provide that and didn't explicitly say "never ask for password", that's really the company's fault.
Oh, right, Windows. Using Windows as a counter point to any argument on best practices is silly. But even then, as your domain admin, I can reset your password, login as you and then reset a new temporary password for you. I have done this and would never ask a user for their password. Even on windows.
1. I wrote service as in service provided on the web, not software. I'm sure online office (360, live, or whatever the name is this week) support has the ability to get to your documents though.
2. There's runas.
3. There's lots of examples of software that allows you to use the system remotely. Some of them have signatures in the virus databases, some don't.
You don't think there's a systemic failure if under-trained new hires are on the front line requesting passwords?
If they've not been educated about not doing that, there's a fair chance they aren't going to be too smart around other big security issues either - such as resetting passwords with very little validation of whether it's the genuine customer requesting it or not.
Tough customers, once won over, can prove to be extremely loyal. And in this case, the customer did Squarespace a favor by pointing out a flaw in their customer service approach. Undertraining can in fact be a systematic failure.
Unless the customer is causing you a major amount of aggravation or costing you money, you shouldn't be happy to see one go.
Also, FWIW, I don't think citing a comment in which the commenter calls the OP an "egotistical bitch" twice is good support for an argument.
Totally agree, but if the person who has an issue with your service, their first move is to blog and submit the post to HN, then likely they are going to be a shitty customer to deal with.
As for cherry picking that quote from the comments, that is fair. I did not read his sexist diatribe, i just read his opening statement and concurred.
"Wow, you are a hell customer. In the future, set a temporary password. They were trying to help you and you have to be a mouthy egotistical bitch. I'm sure they're happy to see you go. As someone in customer support, I'm sure they're happy to see you go. Egotistical hipster bitch."
For not wanting to give her password to customer support she is somehow a "mouthy egotistical bitch", a "hell customer", etc.
And yet you get down voted for mentioning the misogynist word?
Well, it helps that you didn't call her an "egotistical bitch" :-)
You can agree that she might be wrong but I think the sentiment is that some of the people that are disagreeing with her are being specifically sexist in their method of disagreement.
A hell customer would call them up, yell, demand answers, and refuse to hang up until the situation was "fixed" to her liking, threaten to sue and call CNN, etc.
Most support agents are probably ok with seeing a staunchly unsatisfied customer simply leave and allow them to help people who want to be helped.
Hey folks, Christa from Squarespace here. I'm the VP of Customer Care, and would appreciate a moment to respond to some of the comments and concerns expressed here.
To be clear, it is our stated policy to not ask for security credentials over email. All of our 150+ customer care team members receive proper training, both during on-boarding and on an ongoing basis.
This incident was quite simply an example of human error. The support request was troubleshooting a mobile app interaction with our legacy Squarespace 5 product. This is a rare example of our team not being able to login as the user. One of my team members made a mistake, and for that our entire team apologizes. The proper action would have been to escalate to engineering or ask the customer to create a temporary password.
We will of course use this as a teaching moment and continue to strive each and every day to improve in our efforts to deliver world class support to all of our customers.
I actually encountered this with my registrar Enom. I reached out to them on Twitter with no response, but, in their FAQ section, sure enough the instructions were to email your domain name and password.
Needless to say, I changed that password and jumped ship. If any service requires your password as verification, it's definitely a good idea to look into other services.
I was somewhat dumbfounded when I was asked for my apple id and password when I went to get my screen replaced at the apple store.
After some debate with more senior team members, I reset my password to something generic and gave it to them, but it sets a bad precedent for customers who should be educated into never giving their password, under any circumstances.
You should write Squarespace and ask if this is their standard process. I suspect that it could be a new support employee who is still learning how to handle this kind of stuff.
Absolutely not. Given how mechanized customer support is these days, there is no reason to ask for login credentials. A new support employee would no doubt be reading off of a prompt and a seasoned support employee should absolutely know better.
I only assume that Squarespace is either having support people follow a script, or is training them well enough that they don't need to follow a script. Either way, they shouldn't be asking for passwords.
Other people seem to be assuming that Squarespace is having untrained people do support, which is a much more damaging assumption.
By script, I mean standard procedures. "For this problem, do this. If it doesn't work, try this." And if you don't have that, yeah, you are going to get wildly varying quality of support.
1. Squarespace don't have the engineering to support their support team's work, therefore they need passwords. This is unlikely, but if it's the case, people should avoid Squarespace, or at least using their support system.
2. They do have the engineering support, but their support team don't know how to use it and just ask for passwords. Given how much they emphasize support, I find this unlikely, but again, if the case you should avoid using them.
3. A new starter on the support team hasn't been run through all of the details about how to use the support system yet. This strikes me as the most likely, and not grounds for avoiding Squarespace. It should be pointed out to them, privately, so that they can emphasize customer password security in their training process for support staff.
I worked at Squarespace for two years as a developer. Neither support nor engineering needs a password to diagnose and fix problems. I can't actually think of anything on the system that would require this so my first thought is that the support rep's machine or account has been compromised. Could also be an extremely poor decision on the rep's part but I never ran across another case in a couple hundred escalated issues.
I had a couple of minor styling issues once with one of Squarespace's templates. I emailed customer support and they pretty much could not have handled it any better. They were in constant contact with me and fixed both my problems (which required dev team action) quickly and totally to my satisfaction.
I was never asked for my password and I doubt very much if that's normal procedure. Without trying to sound like some shill account, I can tell you that Squarespace made a loyal customer out of me by giving me the kind of support they promise, but which I had previously assumed was sales-talk-BS.
I'm going to say it was a case of number 3 on your list.
While it means that customer repcan not see the password or that the password is hased, they should have a system to let them acces your account without asking for your password.
Yikes! So glad to know that these type of things are being broadcast to the wider Internet community. I know quite a few people that use squarespace; I'll make sure to let them know.
Years ago I tried out SquareSpace and was having problems copy and pasting content into their editor. Basically they told me to first paste into TextEdit, convert to plain text and copy and then paste from there. When I explained that was a non-starter they pointed out I could switch to Windows and use IE or Firefox.
Yes, SquareSpace customer support actually recommended I switch from Mac to Windows to use their service.
If they're trying to recreate the issue, and are unable to do so, doesn't it speak well of SS that they DO NOT have a way to access a users account? Granted, asking for a password is poor form, but if that's the ONLY way to recreate an issue given that SS can't just access a users account, I don't think its worth blasting them for it.
Why do people take isolated examples of uneducated, misinformed customer service reps, and blow them into raging complaints damning the entire company? I'm starting to see this regularly. Take a deep breath before you spew out some diatribe on your blog.