Shane posted this earlier.
I contacted customer support through their online live chat support. My expectation was that they would either point me to a page where I could go through a process of requesting a password reset or that they would have to reset my password and the system would automatically send it to my email address.

The support rep asked for my name, email address, and billing address for the credit card on file. What happened next was a complete shock to me... in the chat window, there was my password in plain text. Not only did the rep have access to my password (which is completely unacceptable), but they actually gave it to me without any real assurance that I was who I said I was.

Michael Sheehan, Technology Evangelist for GoGrid, responded:

Thank you for pointing this out. I will be sure that our support team knows not to give out this type of information, or if it is given out, it is done in a secure manner.

Security is of utmost importance to us. If you have any other suggestion on how we can increase your comfort level (e.g., with password hints, temporary password resets, etc.) please let me know.

Do note that our entire GoGrid portal is run with SSL encryption, INCLUDING the chat session, so while I agree with you that the password should not have been delivered in that manner, the chat session was encrypted with RC4 128-bit encryption.

I'm not a GoGrid customer, nor have I used their service, so I cannot confirm this report first hand. But regardless of whether or not the site is SSL encrypted, in order to gain access to someone's account, all you appear to need is some basic credentials and they will freely give you access? Sounds scary to me.