We have completely removed the possibility of sending the username password for security reasons. If fact, two security reasons. First, what you receive by email is actually stored in the database, in the security exceptions log. Considering that in most real world cases the password stored was a user’s real, slightly mistyped password it created a massive security hole. Someone infiltrating your database would have the hashed passwords and a blueprint for many of them, making their job of cracking these passwords trivial. In our tests it took a mere few seconds to a few minutes (instead of hundreds of years) to crack these passwords using the slightly mistyped passwords as a starting point. The other obvious problem is that email is unencrypted and can be intercepted.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!