44 upvotes, 2 direct replies (showing 2)
View submission: Reddit's Streak of Bad Luck Continues...
It is just bad practice to store passwords in cleartext & especially email that password. Simply generate a new random password and email that to them. The user can always change the password to whatever they want after that!
Comment by tmoertel at 15/12/2006 at 07:27 UTC
23 upvotes, 0 direct replies
Better yet, email the user a time-limited, one-time, signed link that takes him to a page where, upon confirmation, he is assigned a new, random password. That way, if he decides not to change the password, there won't be a cleartext copy of it in his inbox.
Comment by dhw at 13/09/2007 at 12:37 UTC
1 upvotes, 1 direct replies
I agree - Any reputable compay sends out a random which is then changed later. Is it to late to stop the spam? - what similar systems as spam cop?