What is your opinion on sending the username and password to the user's email address when they register on our website? This way, if they forget the password in the future, they can look it up in their email. Also, we won't have to implement the forgot/reset password scenario (we are close to release).

Is this approach safe enough?

My second question is that, on our site, the user fills out certain forms and enters some information like their name, address, phone number, income information and similar personal information. At the end, when they submit the application, we are thinking of emailing them a summary of all this information (name, address, etc.) so that they have it for their records.

Is this OK? Is it safe enough? What are the concerns?

+2  A: 

The concern is definitely in the sending of the email with the password. If it is not properly encrypted, someone could potentially sniff the packets from the email being sent and recover the password. Also, the person could potentially have a hijacked email account. If it's not a big deal if someone steals the password then you may not have to worry, but otherwise I would NOT send any unencrypted passwords via email.

Edit: To address your second question, I wouldn't even email that. I would instead send a link so that they can easily see their profile/information when they log in.

AlbertoPL
+1  A: 

Most companies simply do not include the username/password combination, because of the security of the external email client. Any number of users could brute-force or guess the password to the email account of another user, which would allow the hacker to view the email from your site. Then the hacker could wreak havoc on your site as well.

JuniorFlip
+1  A: 

I'd say providing a forgotten password function will still be vital, as not everybody will be guaranteed to keep all their emails (or even be able to find them later on)...

davidsleeps
+4  A: 

My rule of thumb would be - if you're OK writing it on a postcard and sending it through the mail, then it's OK for standard Email. I don't think income information would fall in that category for most people.

As for passwords, if they can't remember them in the first place, they won't be able to find the Email you sent them with the password in it, and it's an admission of storing it in the clear. I would avoid it and give them the means to reset - they will need that anyway.

towardus
+10  A: 

Never send a password or other sensitive information in the clear. That includes e-mail. You should also be storing as little of this as possible in a recoverable format. Unencrypted communication, especially e-mail, is easily tampered with, and you don't want the wrong people getting at passwords.

If possible:

  • Store your passwords in a salted hash, so the original text is unrecoverable, and thus unbreakable by anything short of a brute force attack. If the user forgets his/her password, make them reset it and send a temporary password (which they are required to change upon login) or a confirmation link (which, again, prompts for a new password) via e-mail.

  • Never send anything sensitive via e-mail; if the user needs information, make them go to your site to get it. You are using HTTPS, right?

Noah Medling
You say to never send a password in the clear, but you suggest sending a temporary password via e-mail. e-mail == insecure.
jinsungy
Hence the requirement to change it upon login. Resetting one's password via e-mail is insecure no matter how you do it (either a temp password or a URL); the hope is that any information transmitted in the process is obsolete by the time an attacker can get to it. The only real alternative is the secret question mechanism, which can be done over a secure protocol but asks questions that most would-be attackers could simply look up, thus rendering it even less secure than e-mail.
Noah Medling
"the hope is that any information transmitted in the process is obsolete" What if the user doesn't check his email for a week? Believe it or not, this happens. An attacker can easily get the temp password. The ONLY thing in the email to the user should be "your email was reset."
jinsungy
+1  A: 

People often share passwords across sites. So you should assume the same password works for the customer's online banking, and you should never send it by e-mail or provide a way for (someone pretending to be) the customer to retrieve it.

It's fine to send them a confirmation e-mail with their username - this is useful.

Remember, if you e-mail them their password they're likely to forget about that e-mail, or just delete it. So you need another password reset mechanism anyway.

The best way to handle the "forgotten password" case is for the user to request you to e-mail the user a link; when they click the link you allow them to type in a new password.

Regarding personal information (address, income etc): why would anyone want this mailed to them? They already know it! You're just sending private data unencrypted over the internet for no reason.

user9876
+2  A: 

I tell people to think of email like a postcard -- an employee of any company that handles it between the sender and the recipient can read it.

Randy Orrison
+1  A: 

When you are sending any information via email, it won't be secure. There are too many ways someone can get it. It would be child's play for a skilled hacker looking to steal your information.

Refrain from sending any personal information like passwords and income information via email, as it can become VERY EMBARRASSING for you and your organization if such information were leaked or stolen. Think about security seriously. It just takes that one incident for all the bricks to fall.

As for password retrieval, thoroughly read Forgot Password Best Practices.

The bottom line is that an application following best practices should allow a user to reset his own password. Personal security questions should be used. The application should not send email, display passwords, nor set any temporary passwords.

jinsungy
This is assuming that the site is secured with SSL!
jinsungy
And that the answers to the questions aren't easily guessed or looked up. My mother's maiden name, for example, is public record.
Noah Medling
It's common sense that having one security question would not suffice, especially something like mother's maiden name. Use multiple non-weak security questions.
jinsungy
A: 

I have three rules concerning passwords:

  • Don’t store passwords in plain text in the database
    • Why should people trust you with that kind of information? You may only have good intentions, but big companies have failed before, so you're at risk too.
  • Don’t use password reminders
  • Always offer to send a new password by email
    • This is the most secure way of retrieving passwords. You should force the user to change the password once logged in with the new password.
GoodEnough
Point 3 is prone to DoS attacks. Always send links that allow you to reset a password, don't reset it right away.
molf
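The flow that Noah Medling's and user9876's answers describe (passwords kept only as salted hashes; a reset link e-mailed instead of the password; per molf's comment, the existing password left untouched until the link is actually redeemed), as an added example that is not code from the thread. Python is assumed because the question names no language; the in-memory dictionaries, user names, iteration count and URL are stand-ins for a real database and site.

```python
# Added example, not from the original thread: salted password hashing plus a
# single-use, expiring reset link. USERS / RESET_TOKENS stand in for database
# tables; names, URL and tuning constants are assumptions for illustration.
import hashlib
import hmac
import os
import secrets
import time
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 600_000  # assumption: pick a cost your servers can afford
TOKEN_TTL_SECONDS = 3600     # assumption: reset links die after one hour

USERS = {}         # username -> {"salt": bytes, "hash": bytes}
RESET_TOKENS = {}  # sha256(token) hex -> {"username": str, "expires": float}


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, hash). PBKDF2-HMAC-SHA256 with a per-user random salt:
    the stored value cannot be turned back into the password, only checked."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def register(username: str, password: str) -> None:
    """Store salt + hash only; the clear-text password is never persisted."""
    salt, digest = hash_password(password)
    USERS[username] = {"salt": salt, "hash": digest}


def verify_password(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        return False
    _, digest = hash_password(password, record["salt"])
    # constant-time compare so timing does not reveal how many bytes matched
    return hmac.compare_digest(digest, record["hash"])


def request_reset(username: str, now: Optional[float] = None) -> Optional[str]:
    """Mint a reset token for the e-mailed link. Only its SHA-256 is stored,
    so a leak of the token table yields no usable links. The current password
    is NOT changed here: anyone can request a reset for any account, so doing
    so must not lock the real owner out (molf's DoS point). Returns None for
    unknown users; the caller should show the same message either way."""
    if username not in USERS:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits of CSPRNG entropy
    RESET_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = {
        "username": username,
        "expires": now + TOKEN_TTL_SECONDS,
    }
    return token


def redeem_reset(token: str, new_password: str, now: Optional[float] = None) -> bool:
    """Consume a token exactly once. Unknown or expired tokens fail, and any
    presented token is deleted, so a link read later from a mailbox is dead."""
    now = time.time() if now is None else now
    key = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(key, None)  # pop: single use, even on failure
    if entry is None or now > entry["expires"]:
        return False
    register(entry["username"], new_password)  # fresh salt + hash
    return True


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    assert verify_password("alice", "correct horse battery staple")
    t = request_reset("alice")
    # assumed site URL; only the link, never a password, goes into the e-mail
    print("mail link: https://example.invalid/reset?token=" + t)
    assert redeem_reset(t, "new-pass")
    assert not redeem_reset(t, "again")  # second click of the same link fails
    assert verify_password("alice", "new-pass")
```

The e-mail carries nothing an attacker can reuse after the hour or after the first redemption, and it never carries anything that proves the old password; a stale message sitting in a mailbox for a week, the case raised in the comments above, is worthless by then. The reset page itself must be served over HTTPS, or the new password is exposed on the way in.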
A: 

As mentioned in comments, you might want to look at OpenID. The most secure way to manage passwords is to eliminate them.

Jon Galloway