It amazes me how many sites allow you to enroll, and then you send an e-mail to the address you registered contains your password in plain-text. There have been warnings that the site will use your email password, for all to see.

Send a password via e-mail function if you forget your password. Site changes and e-mail you a new one, which you then use to log in and change it to the other. E-password that is sent is not active for very long, and that it is not something you choose.

Send your password to your own, whether in an e-mail after you register, or as a response to a “forgot password” security bad request. Security really bad.

This merger is the fact that the e-mail service like Google’s Gmail privacy policy states that “deleted” e-mail can be stored permanently on the backup server. Immediately after someone e-mail you your password in plain-text, to your Gmail account, Google is likely that there are archived forever.

You can not tell whether a site that will do this, so it is not possible to use the “less sensitive” password for the site to e-mail your password back to you. If you have a group password, one for the sites you use to pay for something, one for the forum, which is less important to other sites, for example, then you can enter your “regular” without a password may be compromised by knowingly sent in e-mail , seen along the road who want to read it.

Sites should seriously consider the security implications of sending the password via e-mail, especially if there is no prior warning that this will happen!