Just because a website can email you your password doesn't mean they store them in plain text. They can store them in a reversible encryption scheme like rijndael.
If a hacker can steal your user database they as-likely-as-not have access to your reversible encryption keys.
On top of that it's bad form to mail a user their plaintext password back to them.. I don't need my password crossing third-party networks and SMTP servers in plaintext.
It would make for an interesting Firefox/Chrome plug-in. When you visit a site, have a indicator of some sort that warns that the site _may_not_ encrypt your password. Although, this could become obnoxious and there is no way good way to verify this.
3 comments
[ 3.0 ms ] story [ 19.1 ms ] threadOn top of that it's bad form to mail a user their plaintext password back to them.. I don't need my password crossing third-party networks and SMTP servers in plaintext.