I need send the password in the email confirmation after user signs up. How can I include the raw password in the context? Is it secure to pass password this way?
Asked
Active
Viewed 154 times
2 Answers
2
Why would you need to do that? It is very bad practice. If the user has forgotten their password, they can change it by receiving an email with a link.
Mathias Thorsen
- 51
- 4
1
You should never share or store passwords in plain text because you enable anyone to read them. In addition to that, email is not a trusted channel to send sensitive information, so sending a plain text password in an email is not secure.
This post gives more details on this topic: https://security.stackexchange.com/questions/17979/is-sending-password-to-user-email-secure
Tony
- 1,433
- 1
- 15
- 18