

Ask HN: Why does hacker news send reset passwords in plain text? - vinautomatic

=\
======
lmm
What's the alternative? Password resets are for when you've forgotten
everything, so there's nothing that could be used to encrypt them. And email
is the only contact mechanism that works on everyone.

(FWIW I avoid the risk by not giving HN an email address)

~~~
ablerman
The alternative is to send a single use link that points to a form to set your
password.

~~~
vinautomatic
Yep he's right

