This was my first time ordering from them. As a sysadmin, I was a little miffed to see my password sent back to me in a welcome email. It makes me nervous about other bad practices.
EDIT: I tried to reset my password and they sent a proper reset link, not my password in plain text.
I used to recommend ecigexpress.
In starting my juice line, I spoke with their sales department a few times and it was absolutely atrocious. They refused, flatly, to disclose any safety information regarding their Tobacco Express and Flavors Express line. All I needed was a Certificate of Analysis to show that those flavors are manufactured with some sort of care and they said it simply wasn't available. The sale rep said I could contact the flavoring manufacturer directly, but he couldn't provide their information because it was a trade secret. Huh?
They also would not provide any information on their rebottling operation, nor a COA for their facility.
I've written them off completely.
Interesting stuff! That's pretty unsettling about them flatout refusing to disclose anything... I've never used them yet (though I plan/planned to just to pick up their FE Lemon), as when I was first directed to them while getting started, their prices seemed significantly higher than the alternatives (I used BCV and ELM). Like at least $1.00 or more per little bottle. Adding to that the fact that the site runs extremely slowly for some reason, I couldn't figure out why they were so popular!
(I'm not trying to turn this into a "bash on ECX" thread or anything, it's just a convenient time to discuss my issues with them)
Did you contact them before flaming them on reddit? There are a lot of people in the world that literally don't understand why this is a bad thing. As a Sysadmin myself I'm a little upset that you bashed them without doing any do diligence first. ;)
I didn't bash them, I just explained exactly what I saw. Their site is working as intended, I just question their intent.
'Intent'? I doubt they are intending for your password to get hacked. It seems like they didn't check the 'don't send via plaintext' checkbox when they setup their site. It's a mistake and a simple one to fix. You could help educate them on this situation instead of making them look bad on reddit.
I just checked my records and this did not happen to me. My last order was March 2nd and yes I have an account created.
I ordered from then on May 1st and this did not happen to me.
This annoys me too. Sometimes it can be the case that the email was generated while processing the signup, and was actually stored hashed. So, like someone else said, if you do the "forgot password" and it comes back plaintext, they're storing it plaintext. If not, they might be hashing it. I do find it annoying to have plaintext passwords being sent to my email however.
Yeah, I noticed that too. My first order with them was last week. The emailing thing is not that big a deal because if your email account was compromised, you'd be screwed anyway since a hacker could use the "forgot password" function and activate the link or temp password they would send. A bigger issue is that they are keeping passwords on their system in the clear rather than just storing hashes.
http://www.diy-ejuice.com sent me back my pw in plain text on about april 13 by the time I contacted them they had the issue sorted, a problem with their provider or some jazz, but they were fast to contract me and sort it out.
I feel bad for you guys up there, those prices :-(
in Canada everything is more ....if you want to cry look at our internet/cell prices http://www.rogers.com/consumer/shop
Eh not too bad, I pay 170 a month for cable and internet... we have quite a few premium movie channels and sports stuff though. Our internet is slower than that too. 2 year term stuff sucks though.
At least you guys got the "great unbundling" coming up in 2016!! ;-)
As a side note I feel bad for never visiting Canada. I've lived in Minnesota or Michigan my entire life too, lol.