Bill Dietrich
Jan 4 2012, 08:20 PM
I registered, choosing a password, and then got the activation email.
It contains my password, in cleartext. Isn't this considered bad security practice,
emailing a password around ? Should be done ONLY when user forgot password
and system chose a new one ("password reset").
ssfdre38
Jan 4 2012, 08:43 PM
no that is only sent to you so you can see the pass for your records only
Bill Dietrich
Jan 4 2012, 08:55 PM
Yes, I know it is only sent to me. But that is considered bad security
practice, I think. Never email passwords, except in case of a system-generated
password (password reset).
jessiecascott82
Jan 5 2012, 09:15 AM
I agree with you that it shouldn't sent to email clearly because if email got hacked and we want to reset then hacker ill get to know all pass easily by checking old emails.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.