https://bugzilla.wikimedia.org/show_bug.cgi?id=56194
--- Comment #14 from Steven Walling <[email protected]> --- (In reply to comment #13) > Well, but saying "Fill one of the fields to receive a password email." would > be > very bad, as it would imply that we will mail the user his own current > password, which in turn would imply that we store passwords in plaintext. > Luckily we don't do either of these things, and we shouldn't make it seem > like > we do. > > The current text is fine to me; feel free to improve it, but please preserve > this distinction. I agree with Bartosz here. As a user, if you tell me you're going to email me a permanent password via email, this seems insecure, since email services are notoriously easy to access.[1] Better to be clear with the user in this case, even if it's redundant with the text of the reset email sent to them. 1. https://en.wikipedia.org/wiki/Sarah_Palin_email_hack -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
