I just registered my new account and when I opened my confirmation mail, guess what? I found my password there in open plain text.
Well, that's not good. It tells me that you store my password in your database, instead of hashing it, and then you send it over the internet? This is my light-weight password and I use it for practically every non-critical logon on the internet like forums, etc.
Sorry for complaining, but I just got angry looking at my password in the confirmation mail. I was looking at it alone, but what if I wasn't?
So IMHO if you store the plain password in the database (bad practice I think), then you should provide a random password instead of asking the user for one. And IF you ask the user for a password that you are going to store in the database and send around in emails, then you should tell him about that in big bold red letters size 24 directly next to the password field.
How many users do you probably have in this forum who provide the same password they use for the email account they provide in here? What happens if an ill-intentioned person gets to that data? He can read all of their mail, without even being noticed.
PS: This is my second tron identity I am registering here. I wouldn't tell which is the other one, but if you are curious, just run a select query with my password and take a look at who shows up in the result...
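
The storage practice the post asks for, as an added example that is not part of the original post or the forum's own code: with a per-user salted hash, the stored value cannot be mailed back and a lookup by stored value no longer links two accounts that share a password. The account names, the sample password and the PBKDF2 iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn per account."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def store_plaintext(accounts):
    """What the post describes: the stored value is the password itself."""
    return {user: (b"", pw.encode("utf-8")) for user, pw in accounts.items()}


def store_hashed(accounts):
    """Hardened form: only salt and digest are stored, nothing to e-mail back."""
    return {user: hash_password(pw) for user, pw in accounts.items()}


def linked_accounts(table):
    """Group users whose stored value is identical (the SELECT-by-password check)."""
    groups = {}
    for user, (_, value) in table.items():
        groups.setdefault(value, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample: two accounts registered with the same password.
SAMPLE = {"tron_one": "lightweight-pw", "tron_two": "lightweight-pw"}

if __name__ == "__main__":
    print("plaintext table links:", linked_accounts(store_plaintext(SAMPLE)))
    print("hashed table links:   ", linked_accounts(store_hashed(SAMPLE)))
```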
