It seems that you email passwords in plaintext to people when forgotten. This indicates that you are not properly protecting passwords (salted and hashed as per industry standards) as stored by your user management system. This is not secure and risks exposing user information on your site and others, especially with reused passwords. What are you plans to adopt modern password security to protect your users?
Sat, 2017-08-05 13:29#1
Passwords emailed in plaintext