What is your opinion on sending the username and password to their email address when they register on our website? This way, if they forget the password in the future, they
I have three rules concerning passwords:
- Don’t store passwords in plain text in the database
  - Why should people trust you with that kind of information? You may only have good intentions, but big companies have failed before, so you're at risk too.
- Don’t use password reminders
  - Password reminders are not worth it. They are easy for people in your entourage to guess, and you often forget them. There are better ways to reset a password.
- Always offer to send a new password by email
  - This is the most secure way of retrieving passwords. You should force the user to change the password once logged in with the new password.
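
The following sketch shows the first and third rules together: only a salted hash is stored, and a reset issues a random temporary password that must be changed at the next login. It is an added example, not code from the original answer; the in-memory `USERS` dict, the function names and the PBKDF2 parameters are assumptions, and delivering the email is left out.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory store standing in for a database table (assumption).
USERS = {}
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune for your hardware


def hash_password(password: str, salt: bytes) -> bytes:
    # Only this derived value is stored, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def set_password(user: str, password: str, must_change: bool = False) -> None:
    salt = secrets.token_bytes(16)  # fresh random salt on every password change
    USERS[user] = {
        "salt": salt,
        "hash": hash_password(password, salt),
        "must_change": must_change,
    }


def check_login(user: str, password: str) -> str:
    """Return 'denied', 'ok', or 'change_required'."""
    rec = USERS.get(user)
    if rec is None:
        return "denied"
    candidate = hash_password(password, rec["salt"])
    if not hmac.compare_digest(rec["hash"], candidate):  # constant-time compare
        return "denied"
    return "change_required" if rec["must_change"] else "ok"


def reset_password(user: str):
    """Replace the stored hash with one for a random temporary password.

    Returns the temporary password for the caller to email, or None
    when the account does not exist.
    """
    if user not in USERS:
        return None
    temp = secrets.token_urlsafe(12)
    set_password(user, temp, must_change=True)
    return temp


def change_password(user: str, current: str, new: str) -> bool:
    if check_login(user, current) == "denied":
        return False
    set_password(user, new)  # clears the must_change flag
    return True
```

Because the old password is never stored, the site has nothing to mail back at registration or on request; the only thing it can send is the newly generated temporary one.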