• Resolved groovymoose

    (@groovymoose)


    Hi

    I really like the plugin – enhances the user experience and it works.

    However I would like you to add a warning – in BIG LETTERS – that enabling the ‘Remind PW’ feature results in the plain text version of passwords being stored. This is generally considered to be a poor security practice.

    Clearly a moment’s thought should have been enough for most people to realise that enabling this feature means that the password will be stored in plaintext (or encrypted but with a plaintext key I guess). I must confess that I did not expend a moment’s thought!

    I have now disabled it and deleted the plaintext from the user meta table.

    I can see that some admins for some sites would welcome this feature, but I really think a big warning should be out there to explain the consequences of enabling it.

    Many thanks

    http://wordpress.org/extend/plugins/welcome-email-editor/
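The cleanup the post above describes (removing the stored plaintext from the user meta table), as an added example that is not part of the original thread and not the plugin's own code. The thread does not name the meta key the plugin uses, so `$target_key` is a placeholder and the `pass` search pattern is an assumption; the script is meant to be run through WP-CLI's `wp eval-file`.

```php
<?php
// Added example. Run with: wp eval-file purge-stored-passwords.php
// ASSUMPTION: placeholder key; the thread does not give the plugin's real meta key.
$placeholder = 'REPLACE_WITH_PLUGIN_META_KEY';
$target_key  = $placeholder;

global $wpdb;

// Step 1: list candidate keys. Only key names and row counts are printed,
// never meta_value, so the audit itself does not expose any password.
$like       = '%' . $wpdb->esc_like( 'pass' ) . '%'; // assumed search pattern
$candidates = $wpdb->get_results( $wpdb->prepare(
    "SELECT meta_key, COUNT(*) AS n FROM {$wpdb->usermeta}
     WHERE meta_key LIKE %s GROUP BY meta_key",
    $like
) );
foreach ( $candidates as $row ) {
    WP_CLI::log( sprintf( 'candidate key: %s (%d rows)', $row->meta_key, $row->n ) );
}

// Step 2: stop until an operator has confirmed which key holds the passwords.
if ( $target_key === $placeholder ) {
    WP_CLI::error( 'Set $target_key to the confirmed meta key, then re-run.' );
}

// Step 3: record which accounts were affected (IDs only) before deleting.
$user_ids = $wpdb->get_col( $wpdb->prepare(
    "SELECT DISTINCT user_id FROM {$wpdb->usermeta} WHERE meta_key = %s",
    $target_key
) );
WP_CLI::log( sprintf( '%d users have a stored value: %s',
    count( $user_ids ), implode( ',', $user_ids ) ) );

// Step 4: delete the key for every user (object ID is ignored when
// the last argument, $delete_all, is true).
delete_metadata( 'user', 0, $target_key, '', true );

// Step 5: verify against the table directly rather than trusting the cache.
$left = (int) $wpdb->get_var( $wpdb->prepare(
    "SELECT COUNT(*) FROM {$wpdb->usermeta} WHERE meta_key = %s",
    $target_key
) );
if ( $left > 0 ) {
    WP_CLI::error( sprintf( '%d rows remain for %s', $left, $target_key ) );
}
WP_CLI::success( 'No rows remain for ' . $target_key );
```

Deleting the rows does not remove copies that already exist in database backups or exports, so those need the same review.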

Viewing 1 replies (of 1 total)
  • I agree. This is why I added the ability to turn off the reminder system so it doesn’t store anything. Of course there is no other way to remind people of their password like this than to store it. I suppose people can now, using this switch, make their mind up as to whether they want it on or not.

    Thanks for voicing your concerns.

    Sean

  • The topic ‘[Plugin: SB Welcome Email Editor] Plain text password stored’ is closed to new replies.