After registering, I noticed that my password had been sent to me in the confirmation email.
I suggest immediately calculating the hash and forgetting the original password as soon as possible in the data processing.
So logging in works as follows:
The user enters a password, the server creates a hash and compares the created hash with the hash of the known password; if they are identical, the user is authorized.
I think sending the password via email is not necessary.
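The hash-and-compare login flow described in the post above, as an added example that is not part of the thread and is not the forum software's code. It assumes salted PBKDF2-HMAC-SHA256 as the hash (the post does not name one); the `USERS` dictionary, the function names and the iteration count are choices made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # assumed work factor for this example
USERS = {}             # username -> stored record; stands in for the member table


def hash_password(password: str) -> str:
    """Derive a salted hash; the record holds everything needed to verify later."""
    salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record never authenticates
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, expected)


def register(username: str, password: str) -> str:
    """Store only the hash and return the confirmation e-mail body."""
    USERS[username] = hash_password(password)
    # The plaintext goes no further than this function: it is not stored
    # and it is not placed in the e-mail.
    return (f"Hello {username},\n"
            "your account has been created. Log in with the password "
            "you chose during registration.")


def login(username: str, password: str) -> bool:
    """Authorize only if the submitted password hashes to the stored value."""
    record = USERS.get(username)
    if record is None:
        return False
    return verify_password(password, record)
```
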
I signed up yesterday and was not very pleased that Comodo chose to send my password back to me in unencrypted email. What are you thinking? The OP posted this MONTHS ago, and you still have not addressed the issue???
Like many people, I have signed up at several different and diverse forums, and I tend to use the same password for each. I can’t believe that a company dedicated to internet security would send the password back to me this way!
Please change this policy, or at least explain why you think it is necessary to send our passwords back to us? Also please explain why no one ever responded to the OP’s post.
I believe you are right. I’ve searched for a “Mod” at SMF but couldn’t find anything resulting in a “default password first then change after first login”…
It is still Comodo’s forum, and they are the ones responsible for its operation. Perhaps Comodo has been in touch with SMF and asked them to change this policy, or asked how they can change it, but there is no evidence that I have seen that they have done even this. Thanks for your input though.