I'm trying to better understand the situation with sending of passwords. I appreciate that sending them by email is insecure, and so...
1. Rather than sending a password in response to a 'lost password' request, it's more secure to send a link to set a new one.
2. For similar reasons, the signup (after payment) email doesn't contain an option to include a password.
But I'm wondering why the registration (pre-payment) email can contain a password. I'm aware that after payment the password becomes hashed and hence can't be sent, but if security is the reason, then why is it hashed after payment rather than on account creation?
From what I understand, it is hashed right at account creation (before payment is completed). So essentially, the user clicks submit for his personal account details (to be taken to the payment steps), the email is sent with the plain text password, then the password is hashed and never seen again, which is why this is the only step where you can send the password in plain text.
Thanks. I'd assumed it wasn't hashed until payment, and hence that was why it couldn't then be sent. I'm perhaps even more confused now... unless being available to be sent plain text for the first email is something which is due/likely to be removed in updated versions.
The account IS created before payment. Start the sign up process but don't pay and just abandon the process. Go into the admin and you will see your test purchase account as pending. It is when the account is set up, and in pending status, that the email is sent with the plain text password if you want it to. In other words, after you enter name, email, username, password, payment method and then hit "continue", the account is created, the email is sent with the plain password, and then it is encrypted to the database accordingly, whether payment is made or not. The welcome email sent after the actual purchase / payment is different.
Thanks. I was aware of the point you mention, and although I understand why a hashed password can't be sent, what puzzles me is that if the reason for hashing the password is security, then why is it available in plain text on account creation?
At this time the password is submitted by the user and aMember does not save it anywhere. At the same time, aMember sends it to the user, hashes the password and saves it to the database. All these actions occur in the same request.
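The flow described in the answer above (plaintext exists only for the duration of the signup request, then only a salted hash is stored) and the set-new-password link from point 1 of the question, written out as a small added example. This is illustrative code, not aMember's own: the in-memory record layout, the function names, and the use of PBKDF2-HMAC-SHA256 are assumptions, since the thread does not say which hash aMember uses or how it stores records.

```python
import hashlib
import hmac
import os
import secrets
import time

# Constructed in-memory stand-in for the account table; aMember's real
# schema is not shown in the thread.
USERS = {}
# Reset tokens are stored only as a SHA-256 digest, so a leaked table
# does not yield usable links. Value: (username, expiry timestamp).
RESET_TOKENS = {}
PBKDF2_ROUNDS = 200_000
RESET_TTL_SECONDS = 15 * 60


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt per account."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, digest):
    """Constant-time comparison of a recomputed digest against the stored one."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def signup(username, email, password, send_email):
    """The single request in which the plaintext is available.

    The welcome mail (with plaintext, as the thread describes) and the
    hashing both happen here; once the function returns, only the hash
    remains anywhere in the application.
    """
    send_email(email, f"Welcome {username}, your password is: {password}")
    salt, digest = hash_password(password)
    USERS[username] = {"email": email, "salt": salt, "hash": digest, "status": "pending"}
    return USERS[username]


def record_stores_plaintext(username, password):
    """Sanity check: does the stored record contain the password in any field?"""
    rec = USERS[username]
    for value in rec.values():
        if isinstance(value, bytes) and password.encode() in value:
            return True
        if isinstance(value, str) and password == value:
            return True
    return False


def issue_reset_link(username, send_email):
    """Lost-password handling that never needs the plaintext: a one-time,
    short-lived token mailed as a link (hypothetical URL)."""
    token = secrets.token_urlsafe(32)
    key = hashlib.sha256(token.encode()).digest()
    RESET_TOKENS[key] = (username, time.time() + RESET_TTL_SECONDS)
    send_email(USERS[username]["email"],
               f"Set a new password: https://example.test/reset?token={token}")
    return token


def complete_reset(token, new_password):
    """Consume the token (single use), reject if expired, store a new hash."""
    key = hashlib.sha256(token.encode()).digest()
    entry = RESET_TOKENS.pop(key, None)
    if entry is None:
        return False
    username, expiry = entry
    if time.time() > expiry:
        return False
    salt, digest = hash_password(new_password)
    USERS[username].update(salt=salt, hash=digest)
    return True


if __name__ == "__main__":
    outbox = []
    signup("alice", "alice@example.test", "correct horse", lambda to, body: outbox.append(body))
    print("plaintext in stored record:", record_stores_plaintext("alice", "correct horse"))
    tok = issue_reset_link("alice", lambda to, body: outbox.append(body))
    print("reset accepted:", complete_reset(tok, "new pass"), "reused:", complete_reset(tok, "x"))
```

The point the code makes concrete is that "hashed at account creation" and "mailed in plaintext" are not in tension in terms of storage: both happen in the same request, and the plaintext is gone from the application afterwards. What the mail step does change is the exposure of the password in transit and in the recipient's mailbox, which is why the reset-link variant sends a one-time token instead.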