-
Suggestion
-
Resolution: Duplicate
-
None
-
None
When users signup for an account at support.atlassian.com or jira.atlassian.com they get the password sent by email in clear text. This is a security breach, as the email may be intercepted by a third party and used to log in into their accounts. Moreover, many customers will use the same username/password in several systems/applications, so the compromised credentials can give access to other critical systems.
In my opinion, the signup page should have a check box "Send Password Email:" as the Administration window for creating users. That way, users concern about their password being sent over email could have the option of not receiving an email with their passwords.
- is related to
-
JRASERVER-6175 Passwords sent as clear text in email
- Closed