Do not send password in confirmation email!

I, after registering I noticed that my password has been sent to me in the confirmation email.
I suggest to immediately calculate the hash and forget the original password as soon as possible in the data processing.

So logging in works as follows:

User enters password, server creates hash, compares created hash with hash of the known password, if they are identical the user is authorized.

I think sending the password via email is not necessary.

I signed up yesterday and was not very pleased that Comodo chose to send my password back to me in unencrypted email. What are you thinking? The OP posted this MONTHS ago, and you still have not addressed the issue???

Like many people, I have signed up at several different and diverse forums, and I tend to use the same password for each. I can’t believe that a company dedicated to internet security would send the password back to me this way!

Please change this policy, or at least explain why you think it is necessary to send our passwords back to us? Also please explain why no one ever responded to the OP’s post.

Thanks

I assume you are talking about this forum registration…and I’m not sure if Comodo can do anything about it. This forum is powered by SMF.

I believe you are right. I’ve search’d for a “Mod” at smf but Couldn’t find anything resulting in a “defualt password first then change after first login”…

Jacob

It is still Comodo’s forum, and they are the ones responsible for its operation. Perhaps Comodo has been in touch with SMF and asked them to change this policy, or asked how they can change it, but there is no evidence that I have seen that they have done even this. Thanks for your input though.

If you really want this you can post it in the SMF Forum:

Here, if you think it is a bug

Here, if you think it is a feature request

Moved to the appropriate forum.