top | item 3595503

(no title)

sunchild | 14 years ago

And what percentage would – like me – delete their account as soon as you send them a plaintext temp password?

You're living in the past if you think this is an acceptable practice. I don't care how trivial your web service is, if you're throwing my password around willy-nilly, I don't want you.

discuss

rudiger|14 years ago

To answer your question, probably less than 1%.

I like the practice of emailing a link to a page where the user can set their password for the first time.

mmatants|14 years ago

It's unacceptable to transmit in plain-text a password that the user specified.

But if it's a randomly-generated new nonce, seems OK as a pragmatic middle-ground. Folks like us, who care, will log in and change it.

sunchild|14 years ago

Probably a draw, as you say, since someone could get ahold of an authenticated link in your email, too.

powertower|14 years ago

This isn't an attack for the downvote. But if you're the type of customer that flips out over getting your temp password in the mail to a blank account, I don't want you. As the troubles are only starting...

natrius|14 years ago

Google Apps sends plaintext temporary passwords.

sunchild|14 years ago

Only if you (admin user) ask it to. Still a bad practice. Also, the premise is that Google trusts itself as an email provider.