Passwords in email

Dear web sites:

Please do not send me my password in plain-text in an email. My email is not necessarily secure. The protocols by which email is sent through the Internet are unencrypted. When you send me an email with my password in it, I delete it immediately. phpBB does it. So does Geni. Movember did it, too. There are only two cases when you should send me a plain-text password in an email:

  1. When I create an account, and you generate a password for me.
  2. When I tell you I forgot my password, and you generate a new password for me.

The fact that you can even tell me my password in plain-text indicates to me that your database is insecure. Anyone with access to it would be able to get everyone’s plain-text usernames and passwords. Please change your database schema to use a one-way hash to store passwords.
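As an added illustration of the storage scheme the post asks for (this is example code, not from the post or from any of the sites it names), the functions below store a password as a salted PBKDF2 hash and verify a login attempt against that record. Once stored this way, the site can still check a password but can never email it back, and because each user gets a fresh random salt, two users with the same password get different records. The helper for generating a random temporary password covers the two cases the post does allow (account creation and a forgotten-password reset); the iteration count and record format are assumptions chosen for this example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Cost parameters assumed for this example; raise ITERATIONS as hardware improves.
ITERATIONS = 600_000
SALT_BYTES = 16
HASH_NAME = "sha256"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a storable record of the form 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.

    The record holds everything needed to re-check a login attempt, but the
    password itself cannot be recovered from it, so it can never be emailed.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{HASH_NAME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(record: str, candidate: str) -> bool:
    """Re-derive the hash using the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, hash_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record: refuse rather than guess
    if algorithm != f"pbkdf2_{HASH_NAME}":
        return False
    expected = hashlib.pbkdf2_hmac(HASH_NAME, candidate.encode("utf-8"), salt, rounds)
    # compare_digest avoids leaking how many leading bytes matched via timing
    return hmac.compare_digest(expected.hex(), hash_hex)


def generate_temporary_password(nbytes: int = 12) -> str:
    """Random password for a new account or a reset: sent once, stored only hashed."""
    return secrets.token_urlsafe(nbytes)


if __name__ == "__main__":
    # Constructed sample: two users who happen to pick the same password.
    alice = hash_password("correct horse battery staple")
    bob = hash_password("correct horse battery staple")
    print("records differ despite identical passwords:", alice != bob)
    print("alice logs in:", verify_password(alice, "correct horse battery staple"))
    print("wrong password rejected:", verify_password(alice, "Correct horse battery staple"))
    temp = generate_temporary_password()
    print("temporary password issued once, stored as:", hash_password(temp)[:40] + "...")
```

The record format keeps the algorithm name and iteration count next to the hash so that the cost can be raised later for new records while old ones still verify, and `hmac.compare_digest` is used instead of `==` so that a mismatch takes the same time regardless of where the first differing byte is.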

Comments (2)

  1. Bizarro wrote::

    I’m on your side.

    Saturday, February 7, 2009 at 11:24
  2. brian wrote::

    don’t forget the salt

    Sunday, February 8, 2009 at 23:01