Sending plain text passwords in email? REALLY?!

Discussion in 'Site and Forum Feedback' started by ScottyTheMenace, Apr 22, 2014.

Most Liked Posts
  1. ScottyTheMenace, Apr 22, 2014

    ScottyTheMenace macrumors member

    Joined:
    Apr 5, 2013
    #1
    I was just horrified to realize that you guys send plain text passwords via email on a reset. Please tell me you have imminent plans to fix this serious lack of security.
     
    share
    + Quote Reply
  2. simsaladimbamba, Apr 22, 2014

    simsaladimbamba Guest

    simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #2
    Since this is only a temporary password and the email encourages you to modify the password, which you just have done, the only harm should be from people directly having access to your mail account, or not?

    Anyway, many sites that give out temporary passwords do that plain text blasphemy.
     
    share
    + Quote Reply
  3. arn, Apr 22, 2014

    arn macrumors god

    arn

    Staff Member

    Joined:
    Apr 9, 2001
    #3
    Unfortunately, it's how our software works at the moment. You are recommended to change your password when you go through the recovery process.

    Note, you can't ever retrieve your current password in plaintext.

    arn
     
    share
    + Quote Reply
  4. Parasprite, Apr 22, 2014

    Parasprite macrumors 68000

    Parasprite

    Joined:
    Mar 5, 2013
    #4
    I've had one website send me my own password in plain text after activating an eBook. This is over a year after I made the account, and I never requested a password be sent. "Congrats, you now own this eBook [account]: [password]"

    I still shutter thinking about where it is probably stored...
     
    share
    + Quote Reply
(You must log in or sign up to post here.)

Share This Page