I was just horrified to realize that you guys send plain text passwords via email on a reset. Please tell me you have imminent plans to fix this serious lack of security.
Since this is only a temporary password and the email encourages you to modify the password, which you just have done, the only harm should be from people directly having access to your mail account, or not?
Anyway, many sites that give out temporary passwords do that plain text blasphemy.
I was just horrified to realize that you guys send plain text passwords via email on a reset. Please tell me you have imminent plans to fix this serious lack of security.
I've had one website send me my own password in plain text after activating an eBook. This is over a year after I made the account, and I never requested a password be sent. "Congrats, you now own this eBook [account]: [password]"
I still shutter thinking about where it is probably stored...