TMC is an independent, primarily volunteer organization that relies on ad revenue to cover its operating costs. Please consider whitelisting TMC on your ad blocker or making a Paypal contribution here: paypal.me/SupportTMC

Security Concern about DocuSign

Discussion in 'Model S: Ordering, Production, Delivery' started by Carguy949, Apr 16, 2014.

  1. Carguy949

    Carguy949 Member

    Joined:
    Jan 2, 2014
    Messages:
    26
    Location:
    Southern California
    I just got my final paperwork from Tesla and read the details of DocuSign. It says that if you agree, Tesla will send all future documents through DocuSign to your e-mail address. It says you can change your e-mail address at any time, which is good. But then it says that all you need to do to change it is send them an e-mail with your old address and new address, nothing else. That sounds like someone could hack into my e-mail, ask them to change e-mail address and I'd miss future notifications, and not be aware of anything.

    I know Tesla reads this forum, so I'd like to suggest they add a security step before changing someone's e-mail address.
     
  2. dsm363

    dsm363 Roadster + Sig Model S

    Joined:
    May 17, 2009
    Messages:
    18,235
    Location:
    Las Vegas, NV
    That does sound odd. Do they maybe mean you change it after you log into My Tesla on the website?
     
  3. jhs_7645

    jhs_7645 VIN: #3305

    Joined:
    Jul 1, 2012
    Messages:
    451
    Location:
    Camas, WA
    I’m wouldn’t worry about somebody messing with your Tesla docs, but if somebody hacked into your email, they could just as likely go through your email looking for where you do your banking, attempt to log in, click ‘forgot password’ get your password reset link, log in, and drain your account. As a matter of fact, if somebody hacked your email then they can get to every single account you use that isn’t protected with two step authentication.

    Lesson: Don’t let people hack your email. Add two step authentication to your email account, it is the single most important account you have...
     
  4. Gizmotoy

    Gizmotoy Active Member

    Joined:
    Sep 16, 2013
    Messages:
    3,132
    Location:
    Bay Area, CA
    DocuSign supports all kinds of additional authentication methods. My credit union also uses them, and whenever I get a document there's a list of 5-10 questions about my history and financial status that would make it practically impossible for anyone to break in, even if the document was sent to their email address.

    Presumably if they have need to send you further documents that are sensitive, though I can't think what that might be, they'll use some of the verification features.

    I also changed my address during the process, and you're notified at both the new and old addresses of the change.
     
  5. FlasherZ

    FlasherZ Sig Model S + Sig Model X + Model 3 Resv

    Joined:
    Jun 21, 2012
    Messages:
    7,019
    Sometimes it makes me unable to log in... "Did I really live there? What was that street name? I don't remember the 5th car I had!"
     
  6. RDoc

    RDoc S85D

    Joined:
    Aug 24, 2012
    Messages:
    1,569
    Location:
    Boston North Shore
    If your bank does online banking by email you need a new bank.
     
  7. jhs_7645

    jhs_7645 VIN: #3305

    Joined:
    Jul 1, 2012
    Messages:
    451
    Location:
    Camas, WA
    heh... I agree. That's not what I describe though.

    I'm talking a scenario where somebody has access to your email account (online one, like gmail.. complete with archives).. Does your bank send you notifications when your statements are available? etc... does your credit card? Imagine somebody can read all your email and what information they can glean about you. That's all I'm saying. I'm not trying to be an alarmist, rather trying to say that if somebody has 'hacked your email', then docusign is perhaps the least of your worries.
     
  8. dsm363

    dsm363 Roadster + Sig Model S

    Joined:
    May 17, 2009
    Messages:
    18,235
    Location:
    Las Vegas, NV
    The original post made it sound like anyone could email Tesla from any email account and say 'that's my car and this is my new email address'. I doubt that is how they would handle things.
     
  9. Plug Me In

    Plug Me In Member

    Joined:
    Nov 29, 2012
    Messages:
    580
    Location:
    Central Virginia
    Docusign, for me, involved a couple of events over about a 2 week period when purchasing the car. In the 14 months since, everything has been regular email with PDF documents not requiring any electronic signatures (service records, etc.).
     
  10. zax123

    zax123 CDN Model S P308

    Joined:
    Jun 4, 2012
    Messages:
    911
    Location:
    Candiac, QC, CAN
    Spoofing an email address is extremely easy to do, so it's easy to pretend to be someone else. Hopefully, Tesla a two way authentication and verifies that you actually made the request.

    If someone can hack your email account, they may just as well hack your Tesla account which is just as "easy" to hack if not easier depending on your email provider.
     
  11. 30seconds

    30seconds Active Member

    Joined:
    Feb 28, 2013
    Messages:
    1,136
    Location:
    SF
    we moved last year and the entire buy process of the new house and the sell process of the old house was via docusign. of course there are always security risks, but docusign is pretty much standard out here in SF bay area for real estate - so there is a good amount of ongoing validation of the company/ product
     
  12. mptpro

    mptpro Member

    Joined:
    May 30, 2014
    Messages:
    6
    Location:
    Thomas
    I'll just chime and say that DocuSign is VERY secure. As a Financial Advisor (and supervising principle of 50+ Advisors) I can tell you that our entire firm uses DS. We use it for all internal documents and client accounts, many of which are in the millions of dollars. Never had a problem.
     

Share This Page