View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|14408||Feature requests||[All Projects] Security||public||2019-01-08 17:32||2019-03-23 09:45|
|Target Version||Fixed in Version|
|Summary||14408: DSVGO - sending passwort in plain-text with an e-mail is no longer allowed|
If a user registers to continue the survey later, an e-mail will be sent to him. In this e-mail the user will find the password in plain text. You can also find the password in plain-text in the URL.
|Tags||No tags attached.|
Same for "Create admin user" => we must use "Single password system"
dont call it password ;-)
Else : in my opinion : must have a checkbox "Put complete link for reload" Y/N : N is better, but Y didn't update for other user.
My general global opinion : muts move whole register system to plugin/extension/module …
dont call it password seems a good solution :)
1.) Which section of the DSGVO / GDPR is forbidding passwords via E-Mail?
But even without DSGVO/GDPR sending passwords directly per E-Mail is not good practice.
For Save / Resume I would recommend to show a precreate "Surveykey, Accesskey" (plus QRCode) and allow people to choose to let it send to them via E-Mail. Their choice.
@adelphi_user, can you pinpoint the article in GDPR that stipulates that? I also know that it is not recommended, but still "acceptable".
Nevertheless, we are aware of the issue you describe and we will change it in the upcoming version; I hope :)
|2019-01-08 17:32||adelphi_user||New Issue|
|2019-01-09 11:54||DenisChenu||Note Added: 50131|
|2019-01-09 14:54||bismark||Note Added: 50135|
|2019-01-09 15:26||DenisChenu||Note Added: 50137|
|2019-01-10 15:11||LouisGac||Note Added: 50146|
|2019-03-12 15:11||DenisChenu||Relationship added||related to 14049|
|2019-03-12 15:35||DenisChenu||Relationship added||related to 14621|
|2019-03-13 12:02||jelo||Note Added: 50945|
|2019-03-13 12:16||DenisChenu||Note Added: 50947|
|2019-03-14 11:16||cdorin||Note Added: 50976|