When a customer comes to us to modify a record, we have to tell him "We will send you the password. Send it back to us so that we can make the changes." Then he inevitably says: "That is such a stupid system. If you have the password to send me, why do I need to send it to you?" To which we reply: "We don't have the password. That email that appears to come from us doesn't, and we have no access to it, although our name is plastered all over it." Now our customer thinks that it is even more stupid than previously thought, and in some cases says: "Well, I'll just go to a registrar/reseller who can make those changes for me."
Well, then you are foolish for presenting the issue to your customer in that manner.
We tell them the system is set up with their security in mind. This way they and ONLY they can get the password.
Any time I've dealt with the password issue, the customer has been understanding, even HAPPY to hear that we can't get their passwords. And I can certainly say I've never lost a customer over this issue.
-Russ
