Sending password via e-mail after registration

Karl02
Posts: 134
Joined: Mon Sep 03, 2007 1:00 pm
Location: Germany

Post by Karl02 »

I don't think that it's a good idea to automatically send the password in cleartext to a new user after he has registered. It's not necessary and it's a security risk. Could somebody please turn that off?
-- Karl
ckit
XnThusiast
Posts: 2451
Joined: Tue Feb 17, 2004 1:11 am
Location: Cabarlah, Australia

Post by ckit »

I think the idea is that you go and change your password after it's been sent to you, which should only happen when you first register with the forum.
XnViewMP running on Windows 10 Pro x64 21H1
PhotoFiltre 11, PowerArchiver Toolkit, ShareX and Vivaldi Browser
helmut
Posts: 8227
Joined: Sun Oct 12, 2003 6:47 pm
Location: Frankfurt, Germany

Post by helmut »

For forums it is pretty much standard to send a confirmation mail with login and password. Sure enough this is not very safe, but this forum has a quite different level of security than an online banking account for example.

So all I can say is:
Neither the HTTP protocol (= normal webpages) nor e-mail is safe; people should be aware of this. Never use one single password for everything.
Only HTTPS is encrypted and offers real security.
Karl02
Posts: 134
Joined: Mon Sep 03, 2007 1:00 pm
Location: Germany

Post by Karl02 »

Sending a confirmation mail makes sense, but it's not necessary to include the password. Of course the security level of a forum is lower than that of a banking account, but in my opinion it should not be unnecessarily lowered further.

I hope the inclusion of the password in the confirmation mail can be turned off in the forum software. If not, it should at least be mentioned on the registration page that the chosen password will be included in the confirmation mail. Furthermore, an according request should be sent to the forum software forum ... Hmm, it seems that there has been some discussion already:

- Password sent back by phpBB in welcome email
- Registration passwords in the clear.
-- Karl
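
Added example, not part of the thread and not phpBB's own code: a registration flow in which the confirmation mail carries only a single-use activation link, as suggested above, while the password is kept as a salted hash and never placed in the message. The `forum.example` URL, the in-memory `USERS` store and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from email.message import EmailMessage
from urllib.parse import urlencode

USERS = {}  # constructed in-memory store; a real forum would use its database
ACTIVATE_URL = "https://forum.example/activate"  # hypothetical endpoint

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash: the cleartext password is never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def register(username: str, email: str, password: str) -> EmailMessage:
    salt = secrets.token_bytes(16)
    token = secrets.token_urlsafe(32)  # random, unrelated to the password
    USERS[username] = {
        "salt": salt,
        "pw_hash": hash_password(password, salt),
        # Only a hash of the token is kept, so a leaked user table
        # cannot be used to activate pending accounts.
        "token_hash": hashlib.sha256(token.encode()).digest(),
        "active": False,
    }
    link = ACTIVATE_URL + "?" + urlencode({"u": username, "t": token})
    msg = EmailMessage()
    msg["To"] = email
    msg["Subject"] = "Confirm your forum registration"
    # The body names the account and the link, nothing else.
    msg.set_content(f"Hello {username},\n\nActivate your account:\n{link}\n")
    return msg

def activate(username: str, token: str) -> bool:
    user = USERS.get(username)
    if user is None or user["token_hash"] is None:
        return False
    candidate = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(candidate, user["token_hash"]):
        return False
    user["active"] = True
    user["token_hash"] = None  # single use: the link is dead after one click
    return True

def check_login(username: str, password: str) -> bool:
    user = USERS.get(username)
    if user is None or not user["active"]:
        return False
    attempt = hash_password(password, user["salt"])
    return hmac.compare_digest(attempt, user["pw_hash"])
```

Anyone who later reads the mailbox sees at most an already-used activation link, not a credential that may be reused on other sites.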