Fwd: Password Reminder mails plaintext password

Chris Warrick kwpolska at gmail.com
Thu Sep 21 15:20:41 CEST 2017


It looks like I forgot to Reply All. Repeating my message:

On 21 September 2017 at 13:21, Michael Aquilina
<michaelaquilina at gmail.com> wrote:
> I would disagree with you. Not everyone uses a password manager
> (unfortunately). If it's not obvious that your password is going to be
> stored in plain text then it's going to be a nasty surprise. Or worse,
> you will never actually find out that your password has been stored in
> plain text somewhere.

The sign-up page says this above the password box:

> You may enter a privacy password below. This provides only mild security, but should prevent others from messing with your subscription. **Do not use a valuable password** as it will occasionally be emailed back to you in cleartext.
>
> If you choose not to enter a password, one will be automatically generated for you, and it will be sent to you once you've confirmed your subscription. You can always request a mail-back of your password when you edit your personal options.

My standard practice for mailman is to let the password be random (not
stored in pass) and disable the monthly reminder “feature”.

-- 
Chris Warrick <https://chriswarrick.com/>
PGP: 5EAAEA16


More information about the Password-Store mailing list