Initial Questions...

Hello,
I read OVER and OVER again about not giving our passwords etc to the support, so I am confused as to WHEN and HOW we give them our
login info .. as they have to have it to work on my site, yes?
Also, I need help with my v2 opencart with multiple extensions, is commercial support able to do update my extensions and the opencart?
THATS where it gets very complicated lol
Thanks so much
Nancy

That's correct, we usually need FTP and admin details to work on a site.

I've sent you a PM

yeah but they warn over and over NOT to give that info... so now what? roflmao

create a temporary account for them then delete it after the work is done. don't give anyone your master passwords

ardragifts wrote: ↑

Wed Jan 24, 2018 5:49 am

I read OVER and OVER again about not giving our passwords etc to the support, so I am confused as to WHEN and HOW we give them our
login info .. as they have to have it to work on my site, yes?

Which "support" are you talking about? If it's your hosting support, they should rarely need passwords (they have superpowers to see through anything and get in anywhere), except perhaps for encrypted data. I think the warning is given to keep you from answering a phone call from someone claiming to be "support" and blithely giving them your IDs and passwords (this is called "social engineering"). If you initiate the contact and are sure they are who they say they are, it's safe to give passwords (but still, change them later).

If you are contracting with someone to do work for you, sometimes you have to give out passwords and such, for them to be able to do their job. It then comes down to trustworthiness -- have you done due diligence on your part to check references and get a good feeling for this contractor? Even then, give them only the minimum access privileges they need to do the job, and change all passwords you gave them (or they might have been able to see) when the job is done. Sometimes new FTP accounts can help, but if they need to get into the heart of your store, that may not be sufficient for them to do their work, or they may need to be able to change system settings. In any case, before letting them on the system, back up everything offsite, and save a list of file names and timestamps to compare against when they're gone. If they can't account for a new file or directory, or for a change to an existing one, demand answers and quarantine that file or directory. They should be able at the end of the job to tell you everything they touched, but it's up to you to confirm that nothing else was changed or added. And you need to know what things (if any) on your site get automatically updated, so that you don't end up falsely accusing them.