| ▲ | addandsubtract 9 days ago | |
This reveals the user's password (even if temporary) in plain text in an unencrypted email. Basically the last thing you want. A better workflow is to send the user a link where they can set their initial password themselves. | ||
| ▲ | mediumsmart 8 days ago | parent [-] | |
same thing in blue which additionally opens the door for someone else to change their password and lock them out, never mind the quality of passwords users set initially etc. Looking at you, mum, registering a new account everytime you forget the last password. | ||