whynotmaybe 10 hours ago

Reminds me of a forum a long time ago that sent me my password in clear when I used the "forgot password" link.

When I advised them that it was a bad idea to store passwords in clear, they answered that they keep it in clear so that they can send it when someone forgets.

Defeated by such argument, I deleted my account.

scorpioxy 7 hours ago | parent [-]

I've got a better one. I once had the same argument mentioned to me by my manager at the time when I pointed out that passwords were being stored in clear text. That it needs to be this way so that it is read/sent when the users forget their passwords (which happened a lot). I tried to explain that typically a "reset password" flow is used for that but that fell on deaf ears. That system contained healthcare data.

Something bad did end up happening due to that lax security and there were oh so many meetings about it.