latest stable versions: v150827 (changelog)

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Sending passwords by email

Home Forums Community Forum Sending passwords by email

This topic contains 2 replies, has 2 voices. Last updated by  eva tallaksen 3 years, 7 months ago.

Topic Author Topic
Posted: Wednesday May 15th, 2013 at 4:22 am #50005
eva tallaksen
Username: etalla

Hi there,

What are the risks of using S2Member’s functionality of sending passwords by email?

Does this mean S2Member saves the passwords somewhere, and this data could be hacked?

Or does it “only” compromise the specific user’s account?

Thanks,
Eva

List Of Topic Replies

Viewing 2 replies - 1 through 2 (of 2 total)
Author Replies
Author Replies
Posted: Friday May 17th, 2013 at 4:40 am #50105
Bruce
Username: Bruce
Staff Member

Thank you for your inquiry.

And thank you for your patience.

Does this mean S2Member saves the passwords somewhere, and this data could be hacked?

WordPress stores passwords in a one-way encryption in the database. Even WordPress does not know the User’s password after it has been stored in the database, as it is not possible to retrieve it, only test to see if a password that is passed into the encryption matches the encrypted value. You can get a current User’s hash (encrypted) password value, as shown here:

http://codex.wordpress.org/Function_Reference/get_currentuserinfo

This is the reason there is currently no way to recover a Password, or send a User their password after they have signed up except for the first time when they set up the account, and the password is unencrypted at that point. Therefore, sending the User their password via email only poses a threat for that specific User’s account, if their email is insecure.

Posted: Friday May 17th, 2013 at 5:11 am #50121
eva tallaksen
Username: etalla

Hi Bruce,
Thanks for the very clear answer! Clarified exactly what I was unsure about.
Thanks, Eva

Viewing 2 replies - 1 through 2 (of 2 total)

This topic is closed to new replies. Topics with no replies for 2 weeks are closed automatically.

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Contacting s2Member: Please use our Support Center for bug reports, pre-sale questions & technical assistance.