Very interesting. I wonder if our account names have a piece of our VIN in it or something like that? And I wonder if all the passwords are the same or also unique to the car. If someone went to the web site and changed their password, the Restore button may no longer work in the car.
If I were the engineer writing this part of the process, this is how I would do it.
- Use a TeslaMotors.com email address for the account login (done)
- Generate a random password for the account (looks like it)
- Develop a lookup table between vehicle VIN and account credentials
- Set up a process so a "forgot my password" reset at Slacker could be scripted/automated by Tesla's systems and provide a new random password get also gets stored in the lookup system
- Have "Restore Account" in the vehicle trigger a Slacker reset password
Why all the "complexity"? Well, if someone changes the password, resetting the lookup links is all automated, that's why
Also, if an account is ever "compromised", this process lets the password get reset right away.
Note, this is simply one way it could have been done and may not be the way Tesla did it. I have no inside knowledge.