Support » Plugin: Emergency Password Reset » Don't email passwords!

  • Emailing people their passwords is a bad idea. Email is an insecure medium, easily intercepted or spoofed, unless you use encrypted mail and have SPF and DKIM set up properly etc (which basically nobody does).

    Instead, the plugin should email people a one-time link that they can use to reset their password, or just a link to the “Forgotten Password” page, while scrambling their password.

  • The topic ‘Don't email passwords!’ is closed to new replies.