Dangerous sending username/password in email?

HI everyone. Sorry if this seems like a silly question, but isn’t it dangerous to have s2Member send out new user usernames and passwords together via email? Isn’t it possible that the username/password combination could be snooped or seen by certain nefarious people (spammers and the like)? I just don’t want any of my users’ accounts compromised.

I am nervous about sending this information out automatically to newly registered users. I think the safe thing would be to send the username alone and expect the user to remember the password he or she created during registration.

S2Member help says: “This email is sent to all new Users/Members. It should always contain their Username/Password”; management of this is at S2Member General Options -> Email Configuration -> New User Email Configuration -> New User Email Message ( click to customize )

Hello Simon, thanks for your inquiry.

I understand why you would be worried.

As in the last paragraph, have you tried editing the email that will be sent to users? In there there’s a special replacement code that sends them their password, you can simply remove that replacement code.

You can do this under Dashboard -› s2Member® -› General Options -› Email Configuration.

I also invite you to check our KBA (Knowledge Base Article) on the subject:
Knowledge Base » Editing the New User Email Notification with s2Member®

Hope this helps. :)

Thanks for the heads up on this thread.

Well, sending passwords via email is an standard practice on the web. A transactional email is sent to each new registrant, so they have it on file, in case they forget. However, if you’d rather not do that (and I do understand your point), you can simply remove that line from the email that is sent to new registrants. You’ll find that email here: Dashboard -› s2Member® -› General Options -› Email Configuration

Thank you Eduán and Jason, for the quick replies. You guys are the best!

I really love the S2Member and Pro plugins. I thank you for creating such an excellent and apparently “lightweight” framework to manage memberships on our sites.

I have removed the password info from the outgoing new registrant email. This is the relevant section from the email template (might help others who wish to do the same):

Please keep the following IMPORTANT LOGIN INFORMATION for your records.

Site URL: http://mywebsite.com
Your Username: %%user_login%%
Your Password: (you set this when you created your account)

If you should need to reset your password, you may do so easily from the login box;
just click the "Lost your password?" link.

All in all, I am still not sure if it’s truly an important issue or perhaps I am all worried about nothing! For now, I’ll just play it on the safe side.

All the best to you both, again.

You’re welcome Simon!
Thanks for the kudos! :)