Signing up to check out the service, I note that you're giving a password security indicator and think "that's nice."
Then I complete the sign up and the first email I get contains the password in plain text. Think kind of destroys any sense of the password being secure. I can only hope it's not being stored plain text too :-/
Unrelated, but another grumble: I can't even pay for the invoice, I just get redirected to a bare page stating "Processing error. 124 EXPIRED TRANZACTION"
*UPDATE*: I gave it 20 minutes or so after repeated tries, and now it worked.
The fact that they email you the password in plain text when you sign up does not mean that they store your password in plain text. The email is probably sent immediately when you sign up, and so the password in the mail is taken directly from your POSTed form data for your convenience.
I realise that it's not a direct indication of storing in plain text, it was said tongue-in-cheek to point out that sending a password via the insecure medium of email is bad practice. From a marketing perspective, it doesn't create a positive first impression.
If someone really did forget their password between sign up and logging in the first time, they could use the standard "forgot password" mechanism.
@SmileyChris As many of us here, I don't understand your question about lack of security when sending password via email. Are you really "understand your question"? Because I am not...
