Please don't send username/password in confirmation email.

by **pirripb** » Apr 6th, '08, 21:03

Sending our password in the forum sign up confirmation is a very bad idea. Email travels un-encrypted and bounces off of many random servers until it finds its destination. Anyone along the way who happens to be listening could potentially grab the password.

by **Chip** » Apr 6th, '08, 21:55

pirripb wrote:Sending our password in the forum sign up confirmation is a very bad idea. Email travels un-encrypted and bounces off of many random servers until it finds its destination. Anyone along the way who happens to be listening could potentially grab the password.

As true as your comment may be, it is soooo commonly done. I mean it is the norm, everyone does it when you sign for virtually anything.

One solution is to sign up with a secondary password...then edit it later which would not be emailed.

by **pirripb** » Apr 6th, '08, 22:31

Well, that's good practice, but it shouldn't be necessary. Besides, what's to say that they won't email your password whenever you change it.

Emailing a password is simply something you should never do; that's all there is to it.

I'm not so sure it's common either. At least, I can't ever remember seeing it done before.

by **Space Samurai** » Apr 6th, '08, 22:39

I totally know what you mean. This one time, someone got my password, then they logged on and started talking about tea that I would never drink, lavendar and chamomile and what not. It was horrible. To this day people still think I shopt at Republic of Tea. Its so humiliating.

by **Chip** » Apr 6th, '08, 22:40

pirripb wrote:Well, that's good practice, but it shouldn't be necessary. Besides, what's to say that they won't email your password whenever you change it.

Emailing a password is simply something you should never do; that's all there is to it.

I'm not so sure it's common either. At least, I can't ever remember seeing it done before.

I see it done constantly...register on most sites who send confirmation emails...it shows your user name and password.

by **Chip** » Apr 6th, '08, 22:41

Space Samurai wrote:I totally know what you mean. This one time, someone got my password, then they logged on and started talking about tea that I would never drink, lavendar and chamomile and what not. It was horrible. To this day people still think I shopt at Republic of Tea. Its so humiliating.

I will see if we can set the password to automatic default using the user name as temp password...and instructing new member to change it promptly.

It is a good point, no argument there at all.

by **scruffmcgruff** » Apr 7th, '08, 00:58

pirripb wrote:Well, that's good practice, but it shouldn't be necessary. Besides, what's to say that they won't email your password whenever you change it.

Emailing a password is simply something you should never do; that's all there is to it.

I agree; it really shouldn't be necessary. As to Space's comment, sure, nobody really cares about what is said on this forum, but someone could use that password on other more important accounts (bank, paypal, etc.), assuming the person uses one password (which many of us do), and do some serious damage. Of course, it's a longshot, but it happens enough to be a legitimate concern, IMO.

pirripb wrote:I'm not so sure it's common either. At least, I can't ever remember seeing it done before.

I actually have seen this quite a few times. Still, that doesn't make it a good practice, just a common one.

by **Space Samurai** » Apr 7th, '08, 01:05

scruffmcgruff wrote: I agree; it really shouldn't be necessary. As to Space's comment, sure, nobody really cares about what is said on this forum, but someone could use that password on other more important accounts (bank, paypal, etc.), assuming the person uses one password (which many of us do), and do some serious damage. Of course, it's a longshot, but it happens enough to be a legitimate concern, IMO.

Fair enough.

by **Chip** » Apr 7th, '08, 01:19

Ilya reads this thread regularly...I would like his take on this. If it can be changed easily, I would be in favor of setting a default password instructing the new member to change it the first time he visits TeaChat.

by **forkyfork** » Apr 7th, '08, 08:57

While I do see passwords sent in plain text a lot, that doesn't mean it's the best practice.

Encryption and what-not aside, if I open the e-mail and my password is in plain view, someone looking over my shoulder could see.

I'm okay with my password being sent if I personally request it. But when I register, it is very annoying. I know what my password was, I just typed it!

by **jazz88** » Apr 7th, '08, 11:11

I wouldn't be concerned because: a) there is no personal information b) no $$ involved. Just change your password – end of story.

by **scruffmcgruff** » Apr 7th, '08, 11:49

jazz88 wrote:I wouldn't be concerned because: a) there is no personal information b) no $$ involved. Just change your password – end of story.

Try reading the rest of the thread before you respond to the original poster; these issues have already been addressed.

by **jazz88** » Apr 7th, '08, 17:46

@scruffmcgruff Not that I particularly care but your tone is rather rude.

by **scruffmcgruff** » Apr 7th, '08, 20:23

Indeed, as was yours. You were dismissive of a reasonable concern, so I was dismissive of your comment.

by **Chip** » Apr 7th, '08, 21:10

However...there is nothing worth getting in a huff about.

So...let's be friends.

teachat powered by adagio teas

Seoul - Teashops ?

Hi from France

Hi all tea friend - from Vietnam with love

New to TeaChat? Introduce yourself here!

Ken Kang-Hawaii ceramics

What is diffirent between fuerh tea and liu bao tea?

Can someone identify this teapot?

Could someone translate the stamp on my Zisha?

Hi everyone

Newbie

Stomach issues

Hi to all

Please don't send username/password in confirmation email.

Please don't send username/password in confirmation email.

Re: Please don't send username/password in confirmation emai