As of an update in Sept 2015, we do not store user account password data in any reversible form. Even if a hacker were to get full access to our database, it would be impossible for them to uncover any user passwords. Additionally, we've implemented brute-force password attack protection by increasing the response time for each successive failed attempt.
The flip side of these protections is that dealers can no longer see or set user passwords from myLab or Lab 50. In order to allow dealers to still log into user accounts to facilitate customer service, we've introduced a one-time-use, 60-minute-expiration password system. From the Membership tab on myLab's Customer Details page, an operator can request a one-time password.
The password can be copied to the clipboard and then used to log into the customer's account on the dealer's site and will expire after 60 minutes.
