Details
-
Suggestion
-
Resolution: Duplicate
-
None
-
None
Description
When users signup for an account at support.atlassian.com or jira.atlassian.com they get the password sent by email in clear text. This is a security breach, as the email may be intercepted by a third party and used to log in into their accounts. Moreover, many customers will use the same username/password in several systems/applications, so the compromised credentials can give access to other critical systems.
In my opinion, the signup page should have a check box "Send Password Email:" as the Administration window for creating users. That way, users concern about their password being sent over email could have the option of not receiving an email with their passwords.
Attachments
Issue Links
- is related to
-
JRASERVER-6175 Passwords sent as clear text in email
- Closed