Plaintext Password sent by Mail after Registration

[miazma]

Hi

I just registered to this forum and was a bit stunned when I received an Email asking for activation by email verfication, which also contained username and password in plain text.

IMHO the password should be put directly into the database with proper encryption and never ever go anywhere else. This has been common sense for almost decades.

In this case, this plain text password is now stored on many many servers (mail servers for example), as mails are might sometimes be sent using encrypted channels, but in this case are for sure not encrypted themselves.

I would strongly suggest changing this behavior

[karmathanever]

Once confirmed as a member you can change your password as many times as you wish.
If of course you use the same password for other login purposes (e.g. mail, banking etc..) then that is dangerous and I recommend you change that practice immediately.

Receiving "text" login confirmations is common practice for these types of public forum.

If you ever find or think that someone may be using your forum login, change your password and also PLEASE let us know.

The security on these forums (login/password) is designed to enable you to publicly post comments, questions and support.

Like in most public forums, there is not a high security risk. Administration access is of course more critical.

If someone did manage to track your initial password there is little they could do with it other than perhaps post annoying texts - you have complete control of that.

So if you are still worried, please change your password now and all will be fine.

Cheers

Pete