General discussion
-
Topic
-
Is Emailing passwords really a good idea?
LockedI know there are sites out there that when you register, they email you your password.
Or, if you forget your password, they’ll email it to you.
Is this really an ok process?
The reason I ask is because I’m currently developing a member area of our website where the user would have to login. I am trying to decide how to handle the passwords.
[i]Note: I am not a learned web developer, I am one who is learning on the fly. [/i]
Right now the Register Form info is sent to me via an email. If a user chose their password using this form, I get the feeling that the info could be compromised. Am I right? What if it was on a secure server?
Then the other part – if they forget their password, is it ok if I email it to them upon request?
Email just seems rather risky to me.
I read once that you should aliken sending an email to sending a postcard in the mail. Any hands that it goes through can see the message.The site is using ASP pages with an Access DB. If you have any suggestions of how to handle the passwords other than emailing them, I’d be much obliged!
Tink 🙂