sending username and password through email after user registration in web application

Question

What is your opinion on sending the username and password to their email address when they register on our website..this way if they forget the password in the future, they

Answer 1

Never send a password or other sensitive information in the clear. That includes e-mail. You should also be storing as little of this as possible in a recoverable format. Unencrypted communication, especially e-mail, is easily tampered with, and you don't want the wrong people getting at passwords.

If possible:

• Store your passwords in a salted hash, so the original text is unrecoverable, and thus unbreakable by anything short of a brute force attack. If the user forgets his/her password, make them reset it and send a temporary password (which they are required to change upon login) or a confirmation link (which, again, prompts for a new password) via e-mail.

• Never send anything sensitive via e-mail; if the user needs information, make them go to your site to get it. You are using HTTPS, right?