Hacker News new | past | comments | ask | show | jobs | submit login

"There is NO SECURITY DOWNSIDE to emailing a user's password to them vs. having some multi-step reset procedure."

That may be true from a site admin's POV, but consider that many people use the same password for everything. Plain text passwords flying through the pipes and then laying about on mail servers is a security risk for the naive user.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: