Thank you for your feedback. We did have an extensive discussion about this in the SmarterMail 15.x BETA category, which was removed from public view with the close of the BETAs. I'll paraphrase some of the conversation for you here.
Many have arguments similar to yours that 1) seeing the user's password makes troubleshooting far easier/faster than changing the password on multiple devices and 2) those managing a mail server should be trusted enough to have access to account passwords. Others made points that viewing a password is good for audits and being able to let a user know they need something more secure.
I agree that our #1 problem with exploited accounts is because users use the same password for their SmarterMail email account as they use on other sites. We can do nothing but attempt to educate users to not use the same password on multiple sites, but removing the Show Password feature will make diagnosis of this problem (a simple password, or a common password character substitution) much more difficult. - Joe Wolf
It's common knowledge that management is permitted access to employees' business email accounts by law. And as such, it could be considered reasonable that management and (by extension) email admins have access to passwords as well. - Paul Blank
Respectfully, you aren't on the receiving end handling a call where someone has a half dozen devices and no clue how to configure any of them. If a user has to arbitrarily change a password because they forgot it, this is going to exponentially increase the support burden of those who provide support. - Ben Conner
While I can agree these are valid concerns for adding this functionality back in, there are other views I'd ask you to consider. Like the views of some other users who disagree with its inclusion, proclaiming this functionality to be a huge security risk and a step back in today's emphasis on security:
I'm shocked this feature ever existed. No password EVER should be exposed by anyone EVER. This may be some convenience feature for some...but the only feature should be a reset password option... If any of my users knew this existed, they wouldn't use my system, they'd go to Gmail or something else. - Neal Culiner
...You cannot have an enterprise class product when admins can access a plain text password. Not only from the perspective that your admins or employees have it, but if you ever had a data breach the attack would have direct access to that too. Tim & team, thank you for removing this. It will be a slight pain in the rear to deal with, but processes can be adjusted. - Robbie Wright
Finally, some words from our CEO and VP on the matter:
When we develop our software we now must take into account signifiant and exhaustive third-party audits that companies are required to do. We must take into account compliancy tests and we also must take into account your insurance requirements and our insurance requirements.
The way to handle password management is by providing users a significant number of tools to retrieve passwords via Forgot Password, Secret Words, SMS, Alternate Email and more. Realize, no matter how many tools there are, you will need to create Business Rules that employees will follow to aid customers in setting up Alternate Emails, Phone Numbers etc.
Changing policies and procedures is far less damaging than a data breach. -Tim Uzzanti, CEO
As the industry moves toward security and the ability to lock down email servers and accounts, protecting the information of the users has become more important. While the ability to see a user’s password has been removed in 15.x, there are still options available for an administrator to troubleshoot or view a user’s account. In fact, the replacement to the ‘Show Password’ option, is the ability to create a temporary password that can be used to access the account. You can also still impersonate the user as a System Admin or manually change passwords as the domain administrator. - Derek Curtis, VP of Business
In closing, we do understand that the removal of the Show Password button may cause a change of policy for you. However, in this day and age, security is an absolute priority and will sometimes come at the expense of simplicity. Many new features in regards to security will be available in future versions. It is a process, and this is the first of many steps.