Page 1 of 1
Account password sent to the registered email address
Posted: Mon Oct 05, 2015 12:03 pm
by kalox
This is a security issue and should not be done.
Re: Account password sent to the registered email address
Posted: Tue Oct 06, 2015 5:53 pm
by Radon26
one, don't register with someone elses email.
two, you can delete it.
you know, some poeple can actually appreciate that they are doing this.
i mean, if you somehow misspell or forget the password, the account is essentially lost.
sure you can apply for a change of a password, but how will you receive a new password without it being sent to the email?
and that's assuming it is send at all...
Re: Account password sent to the registered email address
Posted: Mon Oct 12, 2015 9:32 am
by Fiddlesnarf7
No matter how you look at it, it's a security risk. "Hacking" someone's email is usually pretty easy due to outdated security questions, forgetting to log out or other reasons why someone could get access to your email. I've done it a few times to get back at bullies and usually the questions are quite easily answered.
Once you'd have access to the email, you could use this forum to get their password, which brings in a whole world of pain if you reuse your passwords.
The better solution would be to just allow the user to change his password through a link in the email instead. Worst case scenario would be that his forum account is hacked, which....doesn't matter that much anyway
Re: Account password sent to the registered email address
Posted: Sat Oct 24, 2015 7:04 pm
by Atarlost
That's not how it works. Your password is at least hashed on the server. They have the salt if there is one and could theoretically crack the hash to get the plaintext password out, but that's a lot of trouble and the server is busy with more important things like serving websites. You get a new completely random string.