Hacker News new | past | comments | ask | show | jobs | submit login

> There is NO SECURITY DOWNSIDE to emailing a user's password to them vs. having some multi-step reset procedure.

Yet another downside is that the hacker can continue to access your account indefinitely without you knowing. If they have to reset the password then you'll find out the very next time you go to login.

Despite this I agree that the usability gains from using viewable passwords can surpass the security disadvantages.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: