|New Registration Email|
I am new registrant. For security reasons I am uncomfortable that the confirmatory email contained my password.
I suggest that the password be sent only when explicitly requested; or if unsolicited, have it at least partially masked.
That email is the stock response produced by SMF .. I'll have to dig around to see if it can be easily modified.
is this though the only complaint you have had Ken for this?
I would think some people would like it, especialy if they had forgoten the email
i.e if you change it, then there will be some that would have prefered it
i.e what does the majority think?
if it could be optional in the registration setup then that would be an idea
This is not exactly a high security site like a bank or a CC company. People should be using a different PW for every site they visit, so this PW should not have much, if any meaning anywhere else.
Yes, this is the first request (in 6 years of forum operation) for the registration activation message to be PW expurged.
I also think there are some who appreciate it while common security sense knows that email is not necessarily secure and
passwords should not be exchanged in clear-text messages to prevent possible interception and compromise.
Also agree that passwords should be unique per registered site to prevent the compromise of one from taking all your identities down.
So.. I will look at adding an option in the registration to supress the password from being sent in the activation message.
| Message Index|