This thread is frustrating. Everyone seems more interested in nitpicking the specifics of what OP is saying and are ignoring that a forum sends you your password (not an automatically generated one) in an email on registration.

  • lowleveldata
    link
    fedilink
    arrow-up
    6
    arrow-down
    1
    ·
    edit-2
    1 year ago

    It’s painless to use password resets

    Ya and have they send you the (one-time) password in cleartext

    • exal@lemmy.ca
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      (one-time)

      You make it sound like an irrelevant detail, but that’s kind of the key part. If implemented properly, it’s only valid once and for a short period of time, which greatly reduces risk.

      • lowleveldata
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Sure. I just want to point out that there is valid case when passwords are sent in clear text.

      • nous
        link
        fedilink
        English
        arrow-up
        16
        arrow-down
        1
        ·
        1 year ago

        Well, the tokenized link is essentially a clear text one time password. Not really any better than just a one time password except for the convenience that the user does not need to type it in. If someone gets hold of the link or password before you they can get access to your account.

      • lowleveldata
        link
        fedilink
        arrow-up
        8
        ·
        1 year ago

        I don’t see how’s either way better or worse as long as they force you to change the password upon login