Never send me my password

I’m not a security expert myself, not even close, but more than once I’ve been greatly concerned about the risks of having accounts on several websites. I wonder why the developers there made decisions that bad.

It’s already bad enough to use HTTP on your register/login page. It’s even worse when you send me my password in plain text, either the one I chose or the one you randomly generated for me.

Oh please, I know what my password is

And this has happened more than once. Each time, it raises my eyebrows higher and higher. I don’t want to rant here – but it takes a great deal of ignorance or laziness, or both, to follow such a bad practice when it comes to security.