Not Solved Send Random Password on registration no longer working
#1
Not Solved
Hello,

Have just upgraded to 18.12 from 18.11 and noticed that on registration, you can set the options to "Send Random Password" which although successfully sends the email through to the user, does not function on entry of your forum to enable the user to change it.

It returns a VERY long alphanumeric string but as I say, this no longer works on 18.12.  It definitely worked on 18.11 as due to security, it is a feature I have always happily used.

Pete
Reply
#2
Not Solved
Please don't use this feature. It's honestly ridiculous that it's still in the core. By using it, you're putting your user's plaintext password in an email inbox where it may be stored indefinitely, read by the email provider or anyone in the middle, etc.

Make your users set a decent password that they keep in their brain or in a physical location that some random internet script kiddie isn't going to be able to access from their computer. Or, better yet, stored in a reputable password manager.
PGP Key (Fingerprint: 23B6 F4C0 FE2D 45AA 61A0 1E86 DB87 09DC DD87 6E40)
Reply
#3
Not Solved
Hello,


(2017-05-22, 10:26 PM)PeteSa Wrote: Hello,

Have just upgraded to 18.12 from 18.11 and noticed that on registration, you can set the options to "Send Random Password" which although successfully sends the email through to the user, does not function on entry of your forum to enable the user to change it.

It returns a VERY long alphanumeric string but as I say, this no longer works on 18.12.  It definitely worked on 18.11 as due to security, it is a feature I have always happily used.

Pete

Same here.

(2017-05-22, 11:12 PM)Josh H. Wrote: Please don't use this feature. It's honestly ridiculous that it's still in the core. By using it, you're putting your user's plaintext password in an email inbox where it may be stored indefinitely, read by the email provider or anyone in the middle, etc.

Make your users set a decent password that they keep in their brain or in a physical location that some random internet script kiddie isn't going to be able to access from their computer. Or, better yet, stored in a reputable password manager.

You can easily change the password evertime you want...


I hope this feature will be fixed soon.
Reply
#4
Not Solved
(2017-06-12, 01:23 PM)user001 Wrote: Josh H.Please don't use this feature. It's honestly ridiculous that it's still in the core. By using it, you're putting your user's plaintext password in an email inbox where it may be stored indefinitely, read by the email provider or anyone in the middle, etc.
[quote pid='1274407' dateline='1495494770']

Make your users set a decent password that they keep in their brain or in a physical location that some random internet script kiddie isn't going to be able to access from their computer. Or, better yet, stored in a reputable password manager.

You can easily change the password evertime you want...


I hope this feature will be fixed soon.
[/quote]
Many people don't though, and there's no telling how long that email could sit unread in their inbox. Or even if they read it and don't immediately change their password someone with access to their email could hijack the account. Additionally if the password generated is weak the user then has a weak password guarding their account that was sent to them in cleartext via email; not a secure solution by any means.
My Plugins: [1.8]|[1.6]

** Selling custom plugin that enables Bitcoin payments. PM me if interested in purchasing! **
Reply
#5
Not Solved
it is expected to be fixed soon. issue is added to GitHub for checking
[Random password at registration doesn't work · Issue #2763]
Reply
#6
Not Solved
Hello,

The original mail you get:

------------------------------------------------------
xxx,

Thank you for registering on checkmybb. Below is your username and the randomly generated password. To login to checkmybb, you will need these details.

Username: xxx
Password: d69c9cfc98e971f53087a72fab7cfb04

It is recommended you change your password immediately after you login. You can do this by going to your User CP then clicking Change Password on the left menu.

Thank you,
checkmybb Staff


------------------------------------------------------
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)