On Tue, May 26, 2015 at 9:06 AM, John Levine <jo...@iecc.com> wrote: > If they do a reset, what difference does it make whether they send the > password in plain text or as a one-time link? Either way, if a bad > guy can read the mail, he can steal the account.
If they can e-mail you your existing password (*cough*Netgear*cough*), it means they are storing your credentials in the database un-encrypted. -A
