Ceri Davies wrote: >>> Well, you could reset them to random value X, mail out X, then require >>> that they are changed immediately. Not saying that's any more secure, >>> just that it is possible. >> It's far less secure. > > Than having questions, yes. Than just mailing a password, I doubt it.
We can't make any assumptions about the security of either the mail transport, or the security of the mail destination - neither of which we control. The strength of any security system generally degrades to be that of the weakest component in the system. We won't be mailing plaintext passwords, it is way too insecure. -- Alan Burlison -- _______________________________________________ website-discuss mailing list [email protected]
