Never send a password in an email
Friday, 23 December 2011
Emails are not safe:
- They are sent via the network in plain text so any attacker snooping the net could grab it.
- They are stored in plain text, if somebody gains access to my computer they could be read, same if someone breaks into my email account.
Double whammy if you send the login on the same email.
The linked pdf has a lot more information and solutions, if you’re implementing password recovery in your site read it.