Email is unsecure - why are PWs sent by email?

All they have to do is monitor our emails, then do a pw request. They see the pw request come through and log into our account. Bam, all your domains and hosting are all fucked up now.

Is it really that easy?

No, not quite. First, someone has to install a virus either on your computer, or the company's web server. From there, they can sniff the packets, and get any messages being sent to / from the system the virus is installed on.
 


No, not quite. First, someone has to install a virus either on your computer, or the company's web server. From there, they can sniff the packets, and get any messages being sent to / from the system the virus is installed on.

Or a MITM if you're on an unsecure network, which most people are nowadays. This is why I never check any important accounts if I'm working at a coffee shop or library or whatever, unless using a VPN...
 
Any company that sends a password in plain text should die in a fire because they don't understand basic web app security practices.
I do it, and you can go fuck yourself along with the rest of the world.
Most users are too fucking dumb to figure out how to reset a password. The concept is just too much for them to grasp.
So when attempting to recover a forgotten password, if you send them an e-mail with instructions on how to reset it, they'll fuck it up somehow and end up wasting your customer service time.

Instead, send them their password in plain text via e-mail and be done with it. Of course, in order to be able to do so, you must store passwords in plain text, not using a one-way hash or anything like that. Which some experts say is a bad idea. But fuck them too.

The 0.0002% of customers that decide to whine about receiving their password in plain text can go fuck themselves as well. Life is too short to waste on customers, their petty concerns, and their silly privacy.

All I want is their money. Fuck anything and everything else about them.