Originally Posted by timo2
not only that, I've had two companies actually send me the actual password in the 'forgot my password' email.
And this is the reason that now when I register at a new web site, I first use a temporary password. I then immediately 'forget' my password and have it reset.
Hopefully, this will start a process to reset my password to something new and the old password will not be displayed.
On the other hand, if they send me the actual password, I know that I need to create a one-off password for that sight so that I do not compromise my password patterns.