97% of web users don't care about security and don't give more than a couple seconds of thought to how passwords should be handled.

Nonetheless, web sites should still have reasonable password management. This forum e-mails new account passwords in plain text. Unfortunately, e-mails have a nasty habit of never completely disappearing even after the user hits the delete key. Passwords (except for one-time temporary passwords) should never be put in e-mails (even for a low security web site like a graphic tool forum).

On the plus side, this forum's welcome e-mail message states, "Please do not forget your password as it has been encrypted in our database and we cannot retrieve it for you." That part is good.

How do you suppose you would inform a user of their password if they can't read it?

Don't take it personally...

Wow, my criticism of this site's password management must have really struck a nerve!

How do you suppose you would inform a user of their password if they can't read it?

The user just typed it in a few seconds earlier. The user would really have to be out of it to forget his or her password in 5 seconds.

pilaftank wrote:

Don't take it personally...

Wow, my criticism of this site's password management must have really struck a nerve!

Nope. Any account that has a sig. and does not post about Inkscape is suspect.

The user would really have to be out of it to forget his or her password in 5 seconds.

It happens--all the time. And all major services offer password retrieval, and those passwords are always emailed. I didn't design the system this board uses, but its security system in regards to password management is nothing out of the ordinary.