Sending passwords by email

This topic contains 2 replies, has 2 voices. Last updated by eva tallaksen 3 years, 7 months ago.

Topic Author	Topic
Posted: Wednesday May 15th, 2013 at 4:22 am #50005
eva tallaksen Username: etalla
Hi there, What are the risks of using S2Member’s functionality of sending passwords by email? Does this mean S2Member saves the passwords somewhere, and this data could be hacked? Or does it “only” compromise the specific user’s account? Thanks, Eva

Viewing 2 replies - 1 through 2 (of 2 total)

Author	Replies
Author	Replies
Posted: Friday May 17th, 2013 at 4:40 am #50105
Bruce Username: Bruce
Thank you for your inquiry. And thank you for your patience. Does this mean S2Member saves the passwords somewhere, and this data could be hacked? WordPress stores passwords in a one-way encryption in the database. Even WordPress does not know the User’s password after it has been stored in the database, as it is not possible to retrieve it, only test to see if a password that is passed into the encryption matches the encrypted value. You can get a current User’s hash (encrypted) password value, as shown here: http://codex.wordpress.org/Function_Reference/get_currentuserinfo This is the reason there is currently no way to recover a Password, or send a User their password after they have signed up except for the first time when they set up the account, and the password is unencrypted at that point. Therefore, sending the User their password via email only poses a threat for that specific User’s account, if their email is insecure.
Posted: Friday May 17th, 2013 at 5:11 am #50121
eva tallaksen Username: etalla
Hi Bruce, Thanks for the very clear answer! Clarified exactly what I was unsure about. Thanks, Eva

Viewing 2 replies - 1 through 2 (of 2 total)

This topic is closed to new replies. Topics with no replies for 2 weeks are closed automatically.

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.