O2

b. You do not explain why you want to argue that it is necessary to send passwords

I note you apparently glazed over my post which explained perfectly well the reason for this.

http://www.thebitmill.com/articles/password_email.html

Let's face it, this brief little bit of "information" is a joke, right? Reset the password and use the phone to get the new password? How is that even remotely sane, let alone sensible, let alone better than having it emailed?
An emailed password sent by an automated system is sent automatically, ie no human sees the password. If you get a new password assigned over the phone, at least one person knows it, the person who gave it to you. Thats an instant definite guaranteed person that knows the password, compared to the vague laughably tiny chance that someone might possibly maybe perhaps get the password from your email account.
Additionally, the notion that getting information by telephone is secure is even more laughable - Certainly as far as landline calls go, BT operators have the technical capability to listen in on any phone call in the country - Sure there are procedures in place to disallow them from doing so without reason, but they still have the ability to - Considering there are countless thousands of BT operators, this number of people who could potentially intercept your password is staggeringly vast compared to the number of people that could potentially access it on the way to your email account.
Advocating the use of a human + telephone over an automated system + email is a joke. I didn't bother reading the rest of the piece.

To be honest can't really see why you are having a rant against other O2 customers on here who might not share your point of view (I agree with them BTW). O2 do not come on this site or take any notice of it so all you are doing is giving yourself RSI from typing.

I do not think that requiring the users to delete emails should solve the bad-practice of sending passwords in email. I do not see any explanation on why sending passwords should be necessary. Can you explain that? cheers You could always post it A single password sent via email to enable you to log onto the main screen on a multi protected account (ie other methods of protection that were setup originally with the account) means absolutely nothing to anyone, If you have any really good ideas of how to send it securely (please dont say text message, I have 1 really serious point about that) then go for it I appreciate the sense of humour in the winks. But the issue remains the same: a. Sending passwords in emails is Bad Practice. Your assertion that an emailed password means nothing to anyone is a phallacy. b. You do not explain why you want to argue that it is necessary to send passwords (which it is not), But you boldly ask "if you have ..ideas of how to send it securely"... My simple answer is: It (i.e. passwords) should not be sent at all. If you think that emailing passwords is necessary: kindly expain why? cheers

I think I already explained why 😐
The password is just an access into your account where you should be asked set questions when the account was set up, 2 things spring to mind here, 1 a password to access that means nothing, it only puts you into another wall which you should know the answer to. 2, the major lack of security is normally down to the end user, ie you and anyone else who has an account.
If I said what type of password do you use? ie joeblogs or do you use J03-b1og5, chances are its the first one as most people wont add characters to their password as its too hard to remember.
You also say that passwords shouldnt be sent out at all, yes true but thats why there is multi level security available, that password means squat on its own.

Now the big question, if you lost your password (your pc died etc) what are you going to do except open a new account?

To be honest can't really see why you are having a rant against other O2 customers on here who might not share your point of view (I agree with them BTW). O2 do not come on this site or take any notice of it so all you are doing is giving yourself RSI from typing.

Hi Brendan.

I appreciate your honesty.

I did expect reactions along the lines of sheepdog's (basically: yeah it's crap, there is more nonsense in the world.). I did not expect the discussions by users insisting that they actually favour passwords being emailed. Some think the users should delete the emails upon reception, others favour hoarding them so they do not have to reset their passwords. I'm not sure to which group you belong.

I thought about it last night. I donot think it is an opinion thet sending emails with passwords is bad practice. In theory and policy it is excluded (lots of examples, this is supported by he fact that banks etc. never email you your passwords.). It is a fact that it is a bad practice, not an opinion.

If I am the only one here voicing dissatisfaction about O2's emailng of passwords to customers who expect O2 to behave as responsibly as a payment card processing institution, I can live with that.

cheers