Stop sending passwords in plain text via email. Just stop already. If you don't know how to implement a secure alternative, hire a fucking consultancy to assist you.

Fuck. The next time I purchase from you and I get my password in plain text anywhere, I'm immediately demanding a refund and taking my money elsewhere.

Just fucking stop.

@No-one not send it at all?

@darkcode You mean when you forgot your password and they send it in plain text to your email ?

@No-one just let the user register like on any other platform. What's the problem with that?

@samfreeman05 no I just purchased and the platform decided they would set me up with an account, so they sent username and password in an email for my account

@pt300 has it right here

@No-one no, I wasn't referring to client credentials management, but since you brought it up, I advise my clients to use a password manager and use the built in share functionality that they all have to send credentials my way.

I use RSA 4096 bit. works well for me

@jackgreen yep definitely not too long lol

@SirWindfield haha. not at all!

@jackgreen as far as I know, banks use 2048, you use double that. Not sure if the extra time is worth the security, cracking 2048 takes long enough...

@SirWindfield yeah I know, I was just kidding. paranoid security measures are fun though sometimes🙄

@jackgreen *generates 9182 bit key*

Dude. It's a TEMPORARY PASSWORD sent over a sha-256 encryption to a new source.

Now that fucking hard. Force users to reset on the platform.

Don't see the issue. Stupid rant because you clearly don't understand the architecture of the platform.

*NOTE I may be wrong and this tiny douche company likely doesn't even encryption passwords on their shit old Apache server. In that case, I suggest teaching a lesson.

Clone their exposed table and email it to them.

@riverForce Not to be a grammar nazi or anything but what do you mean with the first paragraph? SHA256 is a hashing algorithm, not encryption.

But yeah, my current company for hosting tiny vps's does this :(

@riverForce no force reset first time logging in. No mention of temp in email.

It's bad practice. Stfu and stop raining on my rant.