A call for the end of plain text passwords

This is a plea for web services to stop sending plain text passwords through email.

One of the many examples of plain text passwords being transmitted through email.

Nothing strikes fear into our hearts like seeing one of our secret passwords, that we have guarded with our lives (well, maybe not so much), displayed in plain text. Even though you would be hard pressed to find anyone who approves of the practice, we find many websites that greet their new users with an email containing their super-secret password. As you open that email you almost feel betrayed. The password that you have worked so hard to protect is right there in front of your eyes.

Even if there is no significant security risk to transmitting passwords via plain text, it gives users the impression that security is not a top priority for the creators of the site. There is no reason for this practice to still be in existence today. Good password management technology for websites is very prevalent. If you can't build a proper password system for your site, just opt for using OpenID or another similar service.

I propose that all sites should have an automated password reset system that either allows the user to create a new password from an authentication link or through a one-time use password, sent to their email. Plain text passwords should never be displayed or sent through email.

No more excuses. Let's squash this lazy practice once and for all.

Tech Culture
About the author

    Harrison Hoffman is a tech enthusiast and co-founder of LiveSide.net, a blog about Windows Live. The Web services report covers news, opinions, and analysis on Web-based software from Microsoft, Google, Yahoo, and countless other companies in this rapidly expanding space. Hoffman currently attends the University of Miami, where he studies business and computer science. Disclosure.


    Discuss A call for the end of plain text passwords

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Articles from CNET
    Groupon to launch its own food delivery and takeout service