does it make sense to send password information during email communication from websites

Posted by Samuel on Stack Overflow See other posts from Stack Overflow or by Samuel
Published on 2010-06-18T03:34:32Z Indexed on 2010/06/18 3:43 UTC
Read the original article Hit count: 229

Filed under:
|
|

Most of the online sites on registration do send a link to activate the site and on any further correspondence with the end user they provide information about the site and also provide the login credentials with password in clear text (as given below)

Username - [email protected] Password - mysecretpassword

What would you do in such a case? From a usability perspective does it make sense to send the password information in clear text or should you just avoid sending this information. I was under the impression that most of the passwords are MD5 hashed before storing in the database and hence the service provider will not have any access to clear text passwords, is this a security violation?

© Stack Overflow or respective owner

Related posts about security

Related posts about usability