Newbie: Like the features but why does O2 email passwords

Anonymous
Not applicable
I am a newbie O2 customer.
I like the possibilities of bluebook, the forum etc.

However. I noticed to my dismay that O2 starts emailing readable passwords all over the place. I think that is very bad practice.

http://www.thebitmill.com/articles/password_email.html and many others agree.

Can something be done about this??????
Message 1 of 25
2,057 Views
24 REPLIES

Anonymous
Not applicable
If I am sent a password in this way, I log into my account and change it.
Seems the simplest and most logical thing to do.


It is bad practice to email passwords.

One previous answerer already indicates he collects the emails because he sometimes forgets them. Theregister.co.uk has an article today on how many users use one password for all their accounts (financial and non-financial). Do you suggest that if you use the O2 forum or register your phone and use a password that you must go to all accounts that use that password? It is much easier to stick to good practice and not email passwords in the first place.

Simple fact remains: passwords should not be sent. There is no need.
Message 11 of 25
847 Views

perksie
Level 69: Guiding Light
Better head to the O2 Complaints Review Dept. then.
To support Disasters Emergency Committee: http://www.dec.org.uk/appeals text Nepal to 70000 to send £5

Sky Unlimited Broadband - Windows 10 - Nexus 4 Android 5.1.1
Message 12 of 25
847 Views

Anonymous
Not applicable
As long as there are other security features incorporated into changing your password, then sending a new one by email (open as it is), there is no real issue (and I have worked in security).
As said already, if you have another form of security, ie password/name of dog/cat/rabbit etc so you have to change your password before logging on (normally done during setup of account) then it's far better; if it's just an email and straight in, then no.
I do agree that there should be a process to ensure someone is who he/she claims to be when someone wants to change their password. This may, of course involve exchanging other information than the password.

I disagree on that it should be OK to email passwords. Can you explain why this should be necessary? It exposes the customer/user to unnecessary risk. If you disagree that it is bad-practice I would like to hear some arguments.

cheers.
Message 13 of 25
847 Views

Anonymous
Not applicable

I disagree on that it should be OK to email passwords. Can you explain why this should be necessary? It exposes the customer/user to unnecessary risk. If you disagree that it is bad-practice I would like to hear some arguments.


It doesn't expose the customer to any realistic risk at all - If you don't want the email hanging round containing its plain-text password, delete it, the copy of the password that's sent via email is the only plain-text copy that exists as when the email is sent the password then gets hashed into the database from which it is then irretrievable (leaving aside the potential use of a weak hashing method).

Compound this with the fact that it's only "bad practice" when the user themselves specify a password they use in countless other places (user's own fault, if you're using the same password on a forum as you use for financial logins you have far bigger security problems than a password being sent to you in an email that you can then delete and the only plain-text copy of which is gone forever, anyway) and even then you have a "risk" that's tiny, as the plain-text password is still only sitting in the user's own email account.
Before you bring up the subject of interception of the email or the user's download of the email I note you don't seem to have a problem with the fact that the O2 forum, much like almost every forum on the planet, uses plain http for the signup page, so the password is just as interceptable when you submit it in the first place. More so in fact, as HTTP data is logged in all kinds of places as a matter of course, ESMTP message content is not.
Message 14 of 25
847 Views

Anonymous
Not applicable
I do not think that requiring the users to delete emails should solve the bad-practice of sending passwords in email.
I do not see any explanation on why sending passwords should be necessary. Can you explain that?
cheers
I disagree on that it should be OK to email passwords. Can you explain why this should be necessary? It exposes the customer/user to unnecessary risk. If you disagree that it is bad-practice I would like to hear some arguments.

It doesn't expose the customer to any realistic risk at all - If you don't want the email hanging round containing its plain-text password, delete it, the copy of the password that's sent via email is the only plain-text copy that exists as when the email is sent the password then gets hashed into the database from which it is then irretrievable (leaving aside the potential use of a weak hashing method).
Compound this with the fact that it's only "bad practice" when the user themselves specify a password they use in countless other places (user's own fault, if you're using the same password on a forum as you use for financial logins you have far bigger security problems than a password being sent to you in an email that you can then delete and the only plain-text copy of which is gone forever, anyway) and even then you have a "risk" that's tiny, as the plain-text password is still only sitting in the user's own email account.
Before you bring up the subject of interception of the email or the user's download of the email I note you don't seem to have a problem with the fact that the O2 forum, much like almost every forum on the planet, uses plain http for the signup page, so the password is just as interceptable when you submit it in the first place. More so in fact, as HTTP data is logged in all kinds of places as a matter of course, ESMTP message content is not.
Message 15 of 25
847 Views

Anonymous
Not applicable
Why is there an issue with emailing passwords? I cannot really understand it, is it because you believe they are easier to be hacked and stolen from the database on O2's end? Or somebody hacking your email and reading all your passwords in your inbox?

In my opinion, if it is the 1st reason then I wouldn't know what to think as the chances of that happening are probably extremely slim and if it is 2nd reason, surely every user has a responsibility for their own security as well and a simple delete is easy if you are worried about this. And with O2, they have extra security questions so this person who hacked your email would need a lot of extra information about you to have the password resent in an email?
Message 16 of 25
847 Views

Anonymous
Not applicable
I do not think that requiring the users to delete emails should solve the bad-practice of sending passwords in email.
I do not see any explanation on why sending passwords should be necessary. Can you explain that?
cheers


The reason is perfectly simple, Joe home user doesn't employ proper password security anyway, which will result in one of two things:
1) the user will supply their common password that happens to be shared with a number of other sites, which means they will already have messed up as they provided the password to the forum via an unsecured connection in the first place - Receiving the password via an email then deleting it because they know the password doesn't provide any significant further security failing than using a shared password, and using it over an unsecured connection, in the first place.
2) The user will have the partial sense to use a non or only semi re-used password, but then when they check their bill or the forum every few weeks they constantly forget the password. The user could reset their password every single time to a new value, but users are lazy so this won't happen. What will happen, is they'll have this password stored somewhere in viewable format. If it wasn't in an email from o2, it'd be on a piece of paper or a text file on the user's computer, both of which are less secure than in a further passworded email account.

Thus, o2 is giving a choice. If you're a dumb enough user that the password must be stored and know nothing of encrypted containers (ie 99% of users) then the password being stored in a passworded email account is the safest place for it, it's safer here than it was being transmitted in the clear via http to o2 (or any other forum) in the first place. If you don't need to store the password, then you can just delete the email, and all trace of the unhashed password is gone.
Message 17 of 25
847 Views
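An added illustration, not code from this thread or from O2, of the alternative the original poster keeps asking for. Post 14 argues that the emailed copy is the only clear-text copy of the password, and post 17 argues that users need something to fall back on when they forget. The code below shows the emailed-password pattern beside a reset flow that mails a short-lived, single-use reset token instead: the server keeps only the token's hash, so neither the password nor a usable token ever sits in a mailbox or a database dump. The in-memory store, the user and email names, the 15-minute lifetime and the example.invalid host are all assumptions made for the example.

```python
"""Password reset without emailing the password (added example, not O2's code)."""
import hashlib
import hmac
import os
import secrets
import time
from typing import Optional, Tuple

TOKEN_TTL_SECONDS = 15 * 60          # assumed lifetime of a reset link
PBKDF2_ROUNDS = 100_000              # assumed work factor for stored passwords

# Constructed in-memory stand-ins for a database and a mail server.
users = {}          # username -> {"email", "salt", "hash"}
reset_tokens = {}   # sha256(token) -> (username, expires_at)
outbox = []         # list of (recipient, body) the "mail server" would send


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a salted PBKDF2 hash; the clear-text password is never stored."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def register(username: str, email: str, password: str) -> None:
    salt, digest = hash_password(password)
    users[username] = {"email": email, "salt": salt, "hash": digest}


def verify_password(username: str, password: str) -> bool:
    rec = users.get(username)
    if rec is None:
        return False
    _, digest = hash_password(password, rec["salt"])
    return hmac.compare_digest(digest, rec["hash"])   # constant-time compare


def weak_reset(username: str) -> str:
    """The pattern the thread objects to: a fresh password goes out in clear text."""
    new_password = secrets.token_urlsafe(9)
    users[username]["salt"], users[username]["hash"] = hash_password(new_password)
    outbox.append((users[username]["email"], "Your new password is " + new_password))
    return new_password


def request_reset(username: str, now: Optional[float] = None) -> str:
    """Issue a one-time token and store only its SHA-256, so a leaked table is useless."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    token_hash = hashlib.sha256(token.encode()).hexdigest()
    reset_tokens[token_hash] = (username, now + TOKEN_TTL_SECONDS)
    # Placeholder host; the link carries the token, never the password.
    outbox.append((users[username]["email"],
                   "https://example.invalid/reset?token=" + token))
    return token   # returned only so the example can exercise the flow


def complete_reset(token: str, new_password: str, now: Optional[float] = None) -> bool:
    """Consume the token exactly once; refuse unknown or expired tokens."""
    now = time.time() if now is None else now
    token_hash = hashlib.sha256(token.encode()).hexdigest()
    entry = reset_tokens.pop(token_hash, None)   # pop() makes the token single-use
    if entry is None:
        return False
    username, expires_at = entry
    if now > expires_at:
        return False
    users[username]["salt"], users[username]["hash"] = hash_password(new_password)
    return True


def stored_token_hashes():
    """Expose what the 'database' holds, to show the raw token is not in it."""
    return list(reset_tokens)


def last_email() -> str:
    """Body of the most recent message in the constructed outbox."""
    return outbox[-1][1] if outbox else ""


if __name__ == "__main__":
    register("alice", "alice@example.invalid", "correct horse")
    tok = request_reset("alice")
    print("mail body:", last_email())
    print("reset accepted:", complete_reset(tok, "battery staple"))
    print("old password still works:", verify_password("alice", "correct horse"))
```

The contrast the thread is arguing about is in `weak_reset` versus `request_reset`: both let a user who has forgotten the password get back in, but only the first puts a working credential into an inbox, and only the second can be invalidated by a clock or a single use.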

Anonymous
Not applicable
I do not think that requiring the users to delete emails should solve the bad-practice of sending passwords in email.
I do not see any explanation on why sending passwords should be necessary. Can you explain that?
cheers


You could always post it wink

A single password sent via email to enable you to log onto the main screen on a multi protected account (ie other methods of protection that were setup originally with the account) means absolutely nothing to anyone, unless you know the rest of the account details then it's just a word or normally a group of characters, you're then meant to log in, be given a series of other questions that you set up and then log into your account, if you're then stupid enough not to change your password, well that's user error.
It is also very hard to intercept one single email out of billions that fly around, and its usually due to lack of computer security that lets people access your account (be it via malware or being hacked) in the first place, ie the user.

If you have any really good ideas of how to send it securely (please don't say text message, I have 1 really serious point about that) then go for it wink
Message 18 of 25
847 Views

Anonymous
Not applicable
I do not think that requiring the users to delete emails should solve the bad-practice of sending passwords in email.
I do not see any explanation on why sending passwords should be necessary. Can you explain that?
cheers

You could always post it wink
A single password sent via email to enable you to log onto the main screen on a multi protected account (ie other methods of protection that were setup originally with the account) means absolutely nothing to anyone,
If you have any really good ideas of how to send it securely (please don't say text message, I have 1 really serious point about that) then go for it wink


I appreciate the sense of humour in the winks. But the issue remains the same:
a. Sending passwords in emails is Bad Practice. Your assertion that an emailed password means nothing to anyone is a fallacy.
b. You do not explain why you want to argue that it is necessary to send passwords (which it is not), but you boldly ask "if you have ..ideas of how to send it securely"... My simple answer is: It (i.e. passwords) should not be sent at all. If you think that emailing passwords is necessary: kindly explain why?

cheers
Message 19 of 25
847 Views

Anonymous
Not applicable
Why is there an issue with emailing passwords? I cannot really understand it, is it because you believe they are easier to be hacked and stolen from the database on O2's end? Or somebody hacking your email and reading all your passwords in your inbox?
In my opinion, if it is the 1st reason then I wouldn't know what to think as the chances of that happening are probably extremely slim and if it is 2nd reason, surely every user has a responsibility for their own security as well and a simple delete is easy if you are worried about this. And with O2, they have extra security questions so this person who hacked your email would need a lot of extra information about you to have the password resent in an email?


Hi Supergtaz:

There is an issue with emailing passwords. It is Bad Practice.

Google on "emailing passwords bad practice" and you'll find many references.
One clear one I like is http://www.techconsumer.com/2008/02/11/bad-form-companies-still-sending-my-passwords-via-email/

at the start I also mentioned this source

http://www.thebitmill.com/articles/password_email.html

cheers.
Message 20 of 25
847 Views