Isn't sending clear-text passwords back with forum-registration emails "worse than failure" too? But this website does :-)



  • Isn't sending the clear-text passwords back with forum-registration emails "worse than failure" too?

     
    But this website does :-)

    Especially the forum has no activation link in the email, which is industry standard too.

     

    Just some little words

    about this BIG BIG GREAT website.

    Sincerely

    Rolf

     



  • If someone can read your email freely then you've got something more important to worry about, unless it's your work email, in which case you shouldn't use it to register for anything. Believe me, the last thing you need is extra spam in it.

     

    PS: Your title is too long. 



  • @CapitalT said:

    If someone can read your email freely then you've got something more important to worry about

    Yes, because you don't live alone with a DSL or ISDN connection. How terrible and unusual that must be.

    Otherwise, there exist plenty of people who can read your email freely. It's not encrypted over the wire or anything. 



  • @asuffield said:

    It's not encrypted over the wire or anything. 

    Sorry, my bad. (Low on coffee)
     



  • Don't use your super-mega-secure bank passwords on this site. Use your easy to type forum password.



  • I'm not sure whether the poor quality of the Forum software is deliberate irony or because Alex doesn't want to waste precious money along with his precious time...

     



  • If someone can snoop the password in the e-mail as it's being sent, he can also read it while the person logs in.



  • @hemmerling said:

    Isn't sending the clear-text passwords back with forum-registration emails "worse than failure" too?

    This is configurable in Community Server. I chose to include this in the email because I think it's very easy to find passwords when they're saved in a "Website Registration" folder in an email box. Can't really do this without your password in the email.

    I'm not sure what the problem is with plaintext passwords and email. This is not an SSL site, so if someone wanted to snoop emails along the way, they could probably do the same thing with HTTP traffic. Which would contain the password anyway.

    If your email box is unsecured, then that's a pretty serious problem. Wired ran an interesting article on what can happen when someone can read/send emails from your box. It was about some celebrity, but I could see an ID thief finding access to an email box very useful.

    @hemmerling said:

    Especially the forum has no activation link in the email, which is industry standard too.

    Also configurable. Why require it? I find it inconvenient to wait for verification emails. Who cares if someone uses an unverified email address in the forums?



  • I write this with any website in mind, not just this one...

     

    @Alex Papadimoulis said:

    Who cares if someone uses an unverified email address in the forums?

    I do if it involves me getting spam because [3rd party] decided to put my email address in. You've clearly not come across the phrases 'confirmed opt-in' and 'opt-in,' and their differences. (And I'm talking about Wikipedia's (current) definitions, not MailChimp's, if you bother to Google for them.)

