I did some PHP for a client forum. Account resets sent passwords in plaintext through emails. I notified him that it is a bad practice and very not secure. I proposed solutions but he categorically refused and did not see anything wrong with doing that.
I still sometimes receive a plain text password in email when I click forgot password. Then I start hating people there. Ok, you store the passwords probably in clear text. At least don't send it back into the wild.
I did some PHP for a client forum. Account resets sent passwords in plaintext through emails. I notified him that it is a bad practice and very not secure. I proposed solutions but he categorically refused and did not see anything wrong with doing that.
I still sometimes receive a plain text password in email when I click forgot password. Then I start hating people there. Ok, you store the passwords probably in clear text. At least don't send it back into the wild.
Oh you mean passwords that are already set on the account. Yeah, that's a big no-no.