So you do not trust them with your password (that you're going to change later anyway), but you do trust them with unpassworded access to your account?
All I'm saying is that you have to have that trust, it's always going to be the basis of how customer support works in businesses like this. Requiring that you give out your password to a person is not acceptable.
Now, having seen some of the alternative systems suggested, I think I agree.
I instinctively do not want to give my password to anyone. And that's a great habit to get into, and we want regular people to get into that habit. That would make phishing less useful.
In this case it seems they're trying really hard to protect your domain from harm. But yes, I've been mostly persuaded.
