Would you trust a site that did this?

[SexyGreyFox]

Like a lot of people I register on websites or other Forums (yes there are others) but sometimes I forget my login details so send for a recovery password.

A particular site called Audiospares (I didn't need to blank their name out) has sent me full login details back
I've sent for 100s of password recoveries but never have I seen my full details sent back.

 

[Mynight]

Thanks for the login .

It's poor practise sending any account info to an email address in my opinion. The very most should be a username if forgotten.

 

[Jono8]

*looks at password*


Someone thinks highly of themselves

 

[tom_e]

Plenty of places send them in the original registration email, not great but I don't see the difference.

 

[peterwalkley]

Certainly not with any payment information. If that side is handled separately then fair enough, otherwise it would only be paypal.

Its a good illustration of why you should always have a different password for every site.

 

[pastymuncher]

That's really poor and should never happen.

On a side note, sexygreyfox!! You sexy beast!!

 

[touch]

Thanks for the login .

It's poor practise sending any account info to an email address in my opinion. The very most should be a username if forgotten.

The main problem is not that they are sending out the info by email, the problem is that they are obviously storing passwords unencrypted!

 

[Mynight]

The main problem is not that they are sending out the info by email, the problem is that they are obviously storing passwords unencrypted!

Figured that went without saying sorry.

Assuming it was a password he's used before rather than a randomly generated one.

Damn he uses a different password for OCUK .

 

[Ace Modder]

sexygreyfox is NOT your forum password here

And no, the company should never be able to see your passwords especially when it is a store that has access to payment details etc. It shoudl always be encrypted.

For example ocuk forums, the admins cannot see any user passwords - that is how it should be.

 

[Cosimo]

On a side note, sexygreyfox!! You sexy beast!!

Dimple should change his name to that.

 

[Mynight]

Dimple should change his name to that.

Vote name change!

 

[Ghosteh]

Not at all as that is a basic level of security I expect. It would make me consider how they stored other details too.

In the past I used to register for a website, then immediately request my password to see how they stored it, and this would help me decide on what type of password I would use, and what information I would store on their servers.

 

[SexyGreyFox]

Of course that isn't my username & password above but my OCUK one should take 57 years to crack, apparently).

 

[FrenchTart]

Come on - someone must be able to work out what website it is in the OP

 

[Mynight]

Of course that isn't my username & password above but my OCUK one should take 57 years to crack, apparently).

What password requires 57 years to crack?

 

[touch]

Come on - someone must be able to work out what website it is in the OP

He has been smart and not given enough info. I'm pretty sure nobody will be able to guess the site from the details he has supplied.

A particular site called Audiospares

 

[Siliconslave]

really bugs me when sites either do this, or send you a registration confirmation with the password in plain text - insanely bad practice - i'd be very tempted to complain to them and possibly trustwave / trustedshops that supposedly have certified them

 

[Maccy]

I dislike it when I register somewhere and it tells me the password in confirmation email, doesn't seem very secure.

 

[GinG]

I see you have changed the password already

 

[fatiain]

I had this from a "secure" website we use at work, in the POLICE STATION?

Really?

:/