How can I get it to not send my passwords though email when I change them? I’m very suprised (and dissapointed) this is turned on by default.
The default is not to email you a password if you know what the old one was.
In the control panel, on the Password tab under Users, just leave the dot in Change Your Password. Enter your old one, then your new one twice. Click the “Change, then email password” box. (Despite the wording on the submit button, it only does what you’ve told it to do by putting the dot beside the option you want.)
I just did this and even entered a wrong password just to make sure email doesn’t go out. If you enter a wrong one, the error does let you know that a password can be emailed, but you have to request that option.
I’m still getting passwords emailed to me in certain circumstances. For instance, when I create a new ftp account and specify a password (instead of using an auto-generated one). I do not consider it acceptable for passwords to EVER be transferred in any plain-text format or even displayed on-screen - especially not by default. As a new DreamHost user I find this to be an extremely discouraging sign.
You can have us PGP-encrypt all emails from us to you. You can set it up by clicking the “Edit Profile” link on the Web Panel:
The key is at:
The key is also on public keyservers (like pgp.mit.edu) - key-ID 0x7FA461C9. I imagine a copy of the key (or a link to it) could be added pretty easily - maybe write support and suggest it.
Note, though, that encryption currently isn’t supported… only PGP-signing - so this doesn’t currently address that particular problem at all.