I've been recently been doing some studying on different security topics and I came across this: Is it more secure to send out a password reset link when a user forgets their password or send the original password unencrypted in an email?
Now obviously I know not encrypting a password is bad because if a database gets hacked, a hacker would have the password. But ignoring that possibility, is it more or less secure to send a reset link over a plain text password in an email. I'm curious to hear everyone's thoughts. Thanks!
Free Guide: Managing storage for virtual environments
Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!