MobileRead Forums - View Single Post - Dangerous practices -- sending passwords

cerement · 03-22-2009, 01:58 PM

Either way, like the OP states, sending passwords in the clear is just plain bad policy. And it's a clear indication of sloppiness on part of the website creator.

Standard policy for most websites if you forget your password is they send a reset link or a temporary password to your email. Both methods require you logging on to the website and entering a new password immediately.

If you're really worried about (in)security, just refer to the master. His blog makes interesting reading (or uncomfortable reading if you're one of those who has any illusions about the competance of TSA).

03-22-2009, 01:58 PM	#21
cerement Groupie Posts: 170 Karma: 2000 Join Date: Apr 2008 Location: San José, CA Device: Amazon Kindle 1, Sony PRS-300, Amazon Kindle 3	Either way, like the OP states, sending passwords in the clear is just plain bad policy. And it's a clear indication of sloppiness on part of the website creator. Standard policy for most websites if you forget your password is they send a reset link or a temporary password to your email. Both methods require you logging on to the website and entering a new password immediately. If you're really worried about (in)security, just refer to the master. His blog makes interesting reading (or uncomfortable reading if you're one of those who has any illusions about the competance of TSA).