pzi Posted February 1, 2017 Share Posted February 1, 2017 1. Please remove the sending of password in the default email templates account.(html|txt) for version 1.6 (as it is in 1.7, and as it should be since very very very long time). There is big risk that we forget to remove this in a language after an update of emails. It does not look very serious to send passwords to customers by email... as it just happend... 2. Please do not change the customer's password. Do not accept it and give a message if you really want to. Backslashes are removed silently from password in Tools::getValue(), it is a common character when using password managers. 2 Link to comment Share on other sites More sharing options...
bwjohnson Posted March 2, 2017 Share Posted March 2, 2017 I totally agree with this. I just signed up for an account and got my email included. I think that this is a bad way to communicate, and the password should be removed. 1 Link to comment Share on other sites More sharing options...
chrisspelberg Posted June 29, 2017 Share Posted June 29, 2017 This issue is the primary reason why I created a forum account: Please stop using insecure password practices like sending it in plain text using email. Thanks! Also thanks for the great product Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now