0

Automatically Assigned Temporary Password - Poor Security

Robert Lynch 3 years ago in Website 0

After signing up for a new account with my google sign-in I received an email with a laughable 5 character password that I could use to log in from my phone. This is incredibly bad security practice. Emailing me a password is a bad idea. Using a 5 character password is even worse. It would be very easy for new members to miss that email and then just have an insecure password on their account forever.


Either have them enter a password as part of the sign-up process or at the very least generate a password that can't be hacked easily.