A lot of websites send you a plain text email with your information, including a password in plain text right after you created an account with them.
I've wondered about the same thing. You can use HTTPS for when the user is entering his new password, and you can store a hash of the password in the database instead of the plain password... but if you will then just email the password back as plain text, then what is the point?
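Added example, not part of the original posts: a minimal sign-up flow in which the welcome email carries a single-use, expiring confirmation link and never the password, so the hash in the database stays the only stored form of it. The in-memory stores, function names and the `example.invalid` URL are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

USERS = {}   # constructed in-memory store: email -> {salt, hash, verified}
TOKENS = {}  # sha256(token) -> (email, expiry); only the digest is kept

def hash_password(password, salt=None):
    # Salted, slow hash; the plaintext is never stored or returned.
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt, digest

def verify_password(email, password):
    rec = USERS.get(email)
    if rec is None:
        return False
    _, digest = hash_password(password, rec["salt"])
    return hmac.compare_digest(digest, rec["hash"])

def register(email, password, now=None):
    """Create the account and return (email_body, token)."""
    now = time.time() if now is None else now
    salt, digest = hash_password(password)
    USERS[email] = {"salt": salt, "hash": digest, "verified": False}
    token = secrets.token_urlsafe(32)
    key = hashlib.sha256(token.encode()).hexdigest()
    TOKENS[key] = (email, now + 3600)  # link is valid for one hour
    # The message body is built without any reference to the password.
    body = ("Welcome! Confirm your address within one hour:\n"
            f"https://example.invalid/confirm?token={token}\n")
    return body, token

def confirm(token, now=None):
    """Mark the account verified; each token works once and expires."""
    now = time.time() if now is None else now
    key = hashlib.sha256(token.encode()).hexdigest()
    entry = TOKENS.pop(key, None)
    if entry is None or now > entry[1]:
        return False
    USERS[entry[0]]["verified"] = True
    return True
```

If the mailbox is read later, the link in the message is already spent or expired and reveals nothing about the password.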