Solved

Why don't the OVO online account password reset emails work for text-only email clients?

  • 24 December 2021
  • 4 replies
  • 348 views
S
Rank

Just been forcibly switched to Ovo from SSE and so far the experience has been largely negative. Among the issues, one that needs to be fixed by Ovo technical support is a flaw in their password-setting process when registering to access Ovo on line.

This process sends an email to the nominated email address with the subject field of “Let’s get your password set” and begins with the text, “Ready, set, go.”

This email does not work in text-only email clients.

I appreciate that not using Outlook or a web mail client is becoming increasingly unusual, but the problem with web-enabled email is that they can easily be used to attack and compromise a PC. For that reason, I use an email client (Claws-Mail) which renders all email content as plaintext and does not support or display HTML-rendered email.

The Ovo “password set” Email contains a link, which I am able to see, inspect, verify and follow in my email client. However, each time I follow the link that way, or if I copy and paste it in to my browser, I am taken back to the registration page instead of the password setting page.

The only way around this was to intercept the registration email by using the webmail access for my email service provider (I don’t use e.g. Hotmail or GMail as they’re insecure; I have my own registered domain and I use a web hosting provider for email services.

I appreciate that Ovo have configured the registration process for “the 99%” and I’m perfectly OK with that, but that doesn’t excuse implementing a solution for people who are happy to sacrifice HTML-rendered email in return for better security.

 

Can Ovo Tech Support please take a look at this and see if there is any way that you can test and confirm your outbound email with text-only email clients? It would be good practice as it is much more secure.

Thank you.

icon

Best answer by Jess_OVO 24 December 2021, 11:19

View original

4 replies

Blastoise186
Rank
Userlevel 7
Badge +1

Hey there @sproggit !

Thanks for flagging this up, you’ve reached the forum volunteer Blastoise186. I can’t request this to be fixed myself, but you’ve definitely come to the right place.

I’ve gone ahead and notified @Tim_OVO and @Jess_OVO about this bug and they’ll be able to submit a bug report to the Tech Team for you, hope that’s OK! It may take a while to resolve, but it can definitely be looked at.

We’ll try to keep you posted with any updates.

Thanks for the catch!

Securing energy by zapping security bugs... For that is The Blastoise Way!
Jess_OVO
Rank
Userlevel 7

Updated on 07/02/23 by Emmanuelle_OVO

 

If you’re having an issue resetting your password and are using the Outlook Live app we are aware this may cause an error message, if so, please switch to a browser version. 

 

Hi and Welcome to OVO and to our online community here, @sproggit.

 

Sorry to hear you’ve encountered some issues when trying to view the password reset email in a text-only format. As this hasn’t been raised here previously I’m going to take it away to the team as we really value feedback which can help make the login process easier for all.

 

In case you hadn’t spotted it we’ve also put together some FAQs for members moving from SSE to OVO - Got any more questions about your new account? Let us know - we’re always happy to help you get settled in here :slight_smile:

Powered by Re-knowable Energy!
S
Rank

Blastoise186 and Jess, thanks both for responding promptly.

I appreciate your being willing to take a look at this as I genuinely do believe that plaintext email is simpler and much more secure (as long as you don’t include confidential data!!!).

I consider reliance upon HTML-rendered email to be bad-habit-forming, if I’m honest.

Appreciate that makes me sound a bit like a luddite, though in fact I work in cybersecurity and try really hard to practice what I preach.

The link in my first post (to the Claws-Mail web site) takes you to a page where there is a link to free downloadable binaries. I run a Linux desktop which is well supported by Claws, but there is a Windows binary there too, if you would like to experiment.

On the other hand, if you need someone to test while you’re experimenting with this, please feel free to reach out. I’ll be happy to assist with testing as it’s definitely in my best interest to do so!

Blastoise186
Rank
Userlevel 7
Badge +1

No worries, I work in cybersecurity myself and I can understand where you’re coming from.

To be fair, you do have a valid point in terms of accessibility as well. Screen readers tend to have a much easier time with plain text emails than with HTML, so it’d be a bonus if there’s support for that as an alternative.

In theory, it’s possible for OVO to have support for both types at once, but luckily for me, that’s not my problem! XD

The alternative option I can think of, would be to have a setting or flag on your account that controls whether you’d prefer HTML or Plain Text emails and have that synchronise with as much of OVO’s platform as possible. If that was combined with other measures, it might help to make sure things work as intended.

Securing energy by zapping security bugs... For that is The Blastoise Way!

Reply


Terms & ConditionsCookie settings