Password sent by email on signup


#1

I don’t know (and don’t care) if this has been reported before or not, but whose bright idea was it to send password through email??

You’re not supposed to send password in plaintext by email! Even if they’re automatically generated! I mean you don’t even require the password to be reset upon first login. Very bad security practice.

Please, change your procedure/policy.


#2

Wow, thanks for the vehement feedback!

I assume that this occurred when you applied for basic auth API via the portal? If so, we know it’s not good practice, that’s why it can be disabled :slight_smile: