One other note:

- Emailing lost passwords to users

Never, ever, ever store passwords in the clear, anywhere. If a user forgets their password, generate a temporary one and ask them to create a new password.

Plenty of people re-use passwords on different sites; all it takes is for one of those sites to store passwords in the clear to compromise the accounts of multiple sites. On a smaller scale, all it takes is hacking an individual's email account and doing lots of lost password requests to get one or two of their common passwords.

--
jet / KG6ZVQ
http://www.flatline.net
pgp:   0xD0D8C2E8  AC9B 0A23 C61A 1B4A 27C5  F799 A681 3C11 D0D8 C2E8
________________________________________________________________
Welcome to the Interaction Design Association (IxDA)!
To post to this list ....... [EMAIL PROTECTED]
Unsubscribe ................ http://www.ixda.org/unsubscribe
List Guidelines ............ http://www.ixda.org/guidelines
List Help .................. http://www.ixda.org/help
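
Added example, not part of the original message: a minimal sketch of the flow recommended above, where only salted hashes are stored and a forgotten password leads to an expiring temporary password that can only be used to set a new one. The `Accounts` class, its method names, the 15-minute lifetime and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

TEMP_TTL = 15 * 60    # assumption: temporary passwords expire after 15 minutes
ITERATIONS = 200_000  # assumption: tune to your hardware and current guidance

def _hash(password, salt):
    # Salted, deliberately slow hash; the cleartext is never kept.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class Accounts:
    def __init__(self):
        self.users = {}  # username -> salts and hashes only

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        # Replacing the record also discards any outstanding temporary password.
        self.users[user] = {"salt": salt, "hash": _hash(password, salt), "temp": None}

    def forgot_password(self, user, now=None):
        """Issue a temporary password; the old one cannot be recovered or mailed."""
        now = time.time() if now is None else now
        temp, salt = secrets.token_urlsafe(12), secrets.token_bytes(16)
        self.users[user]["temp"] = {"salt": salt, "hash": _hash(temp, salt),
                                    "expires": now + TEMP_TTL}
        return temp  # handed to the delivery channel, stored only as a hash

    def login(self, user, password, now=None):
        """Return 'ok', 'must_change' (temporary password) or 'denied'."""
        now = time.time() if now is None else now
        rec = self.users.get(user)
        if rec is None:
            return "denied"
        if hmac.compare_digest(rec["hash"], _hash(password, rec["salt"])):
            return "ok"
        temp = rec["temp"]
        if (temp and now < temp["expires"]
                and hmac.compare_digest(temp["hash"], _hash(password, temp["salt"]))):
            return "must_change"
        return "denied"

    def change_with_temp(self, user, temp_password, new_password, now=None):
        # The temporary password is good for exactly one thing: choosing a new one.
        if self.login(user, temp_password, now) != "must_change":
            return False
        self.set_password(user, new_password)
        return True
```

Because the store holds only hashes, a lost-password request has nothing to send back except a fresh temporary value, so a compromised mailbox does not reveal a password the user may have re-used elsewhere.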
