Registration email reveals password

[Kelvin]

I just registered for the bulletin board, and I'm very unhappy that the "Welcome to Fund Manager Forums" email that I received included my password. This is unfortunately common in the online world, but I've never understood it; since email is inherently insecure (which is why we're always warned not to put credit card information in an email), why would you include a password (in the same message as the username)? Anyone who gets access to this email message can now login as me. Not that a bulletin board like this is particularly dangerous in that regard, but still...

If I were requesting a password as part of a forgotten/reset process, that would be one thing. But it should be my own responsibility to remember my password, and I should have the ability to keep it private. At the very least, you should warn me when signing up that you're going to include it in the welcome message, so I can choose to use a throwaway password if I want to not compromise a password I use elsewhere.

[Mark]

Hi Kelvin,

Thanks for the feedback. You have a good point. It is a trade-off between convenience and security, and since the message board registration is free, and you cannot do anything particularly dangerous with this information it doesn't seem to be a bad compromise. You also have the option of changing your password anytime you want. You can do this by logging in, and going to your Profile.