Hacker News
by carbocation 6079 days ago
I store passwords as a hash in the database, but send it to the user in plaintext when they register. Why?

1. I didn't use to do this, but I got so many requests that I eventually caved.
2. No money changes hands on the site.

1 comment

Without education, people won't learn. I'm a fan of thoughtful UX but, frankly... this is an area where caving sucks. Sorry. I'd have spent the time improving my password recovery service.

Hmm. Fair point. Maybe I'll reconsider sooner rather than later.