[Plugin: SB Welcome Email Editor] Plain text password stored
-
Hi
I really like the plugin – enhances the user experience and it works.
However I would like you to add a warning – in BIG LETTERS – that enabling the ‘Remind PW’ feature results in the plain text version of passwords being stored. This is generally considered to be a poor security practice.
Clearly a moment’s thought should have been enough for most people to realise that enabling this feature means that the password will be stored in plaintext (or encrypted but with a plaintext key I guess). I must confess that I did not expend a moment’s thought!
I have now disabled it and deleted the plaintext from the user meta table.
I can see that some admins for some sites would welcome this feature, but I really think a big warning should be out there to explain the consequences of enabling it.
Many thanks
- The topic ‘[Plugin: SB Welcome Email Editor] Plain text password stored’ is closed to new replies.