> > - Emailing lost passwords to users > > Never, ever, ever store passwords in the clear, anywhere. If a user > forgets their password, generate a temporary one and ask them to create > a new password.
Thanks, Eric. I hate it when people send me a "congrats, you're signed up, and your password is BLAAAH" email -- it shows me they just don't get it, and absolutely, it puts all of my other accounts at risk. I meant more of "email a reset password link" to users. Then again, your approach might be better because people can navigate to the site on their own rather than trusting a link in an email (which could be phishing them, technically). Would you agree? Meredith ________________________________________________________________ Welcome to the Interaction Design Association (IxDA)! To post to this list ....... [EMAIL PROTECTED] Unsubscribe ................ http://www.ixda.org/unsubscribe List Guidelines ............ http://www.ixda.org/guidelines List Help .................. http://www.ixda.org/help
