Sending password via e-mail after registration
Sending password via e-mail after registration
I don't think that it's a good idea to automatically send the password in cleartext to a new user after he has registered. It's not necessary and it's a security risk. Could somebody please turn that off?
			
			
									
						
							-- Karl
			
						I think the idea is that you go and change your password after it's been sent to you which should only happen when you first register with the forum.
			
			
									
						
							AMD Ryzen 3 3300X 3.8Ghz, 16Gb DDR4, RX6600XT with Dell U2520D at 2560x1440@60Hz scaling 125%
Win11 x64 24H2, Hard Disk Sentinel Pro, MS PowerToys, Process Lasso Pro and Wintoys
			
						Win11 x64 24H2, Hard Disk Sentinel Pro, MS PowerToys, Process Lasso Pro and Wintoys
For forums it is pretty much standard to send a confirmation mail with login and password. Sure enough this is not very safe, but this forum has a quite different level of security than an online banking account for example.
So all I can say is:
Neither http protocol (=normal webpages) nor e-mail is safe, people should be aware of this. Never use one single password for everything.
Only https is encrypted and offers real security.
			
			
									
						
										
						So all I can say is:
Neither http protocol (=normal webpages) nor e-mail is safe, people should be aware of this. Never use one single password for everything.
Only https is encrypted and offers real security.
Sending a confirmation mail makes sense, but it's not necessary to include the password. Of course the security level of a forum is lower than that of a banking account, but in my opinion it should not be unnecessarily lowered further.
I hope the inclusion of the password in the confirmation mail can be turned off in the forum software. If not, it should at least be mentioned on the registration page that the chosen password will be included in the confirmation mail. Furthermore, an according request should be send to the forum software forum ... Hmm, it seems that there has been some discussion already:
- Password sent back by phpBB in welcome email
- Registration passwords in the clear.
			
			
									
						
							I hope the inclusion of the password in the confirmation mail can be turned off in the forum software. If not, it should at least be mentioned on the registration page that the chosen password will be included in the confirmation mail. Furthermore, an according request should be send to the forum software forum ... Hmm, it seems that there has been some discussion already:
- Password sent back by phpBB in welcome email
- Registration passwords in the clear.
-- Karl
			
						
