http://qs1969.pair.com?node_id=27940


in reply to Ethics of Passwords

Here's what I'd do... one-way encrypt the users' passwords in storage, but send a one-time e-mail to their provided address which reads "Keep this message for future reference." However, one shouldn't underestimate the clever destructiveness of the generic-brand user.

If the occasion should arise that you NEED to e-mail the user a password, and you are concerned that the user may object to "sDFf34ggR," you might have one randomly auto-generated by combining 2 or more words from a LARGE list of pre-selected words, so you'd get things like "MONKEYCHAIR" and "FRISKYPERL". Heck, you could even tack a random 2-digit number on that if you want a little more security; most of the level-headed users won't complain about only TWO random digits (I know, when I say "most of the level-headed users" it is more correct to say "'both' of the level-headed users"). Such passwords are quite easy to remember.

Alan "Hot Pastrami" Bellows
-Sitting calmly with scissors-
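The word-combination scheme above, as an added example (not code from the post or from PerlMonks): it draws words and digits from a CSPRNG, stores only a salted one-way hash as the post's first point suggests, and also reports the guessing entropy so you can see what a given list size actually buys. The wordlist is a constructed stand-in for the "LARGE list", and PBKDF2-HMAC-SHA256 is assumed as the one-way function since the post names none.

```python
import hashlib
import hmac
import math
import os
import secrets

# Constructed sample list; a real deployment needs thousands of words for the
# scheme to hold up (see entropy_bits below).
WORDLIST = ["monkey", "chair", "frisky", "perl", "camel", "regex", "scalar", "hash"]


def generate_password(wordlist, words=2, digits=2):
    """Join `words` random uppercase words, then append `digits` random digits."""
    if len(set(wordlist)) < 2:
        raise ValueError("wordlist too small to be useful")
    # secrets.* uses the OS CSPRNG; random.choice would be predictable.
    parts = [secrets.choice(wordlist).upper() for _ in range(words)]
    suffix = "".join(str(secrets.randbelow(10)) for _ in range(digits))
    return "".join(parts) + suffix


def entropy_bits(wordlist_size, words=2, digits=2):
    """Bits of guessing entropy, assuming the attacker knows the list and the scheme.

    Two words from a 7776-word list give about 25.8 bits; the two digits add
    about 6.6 more. That only resists online guessing with rate limiting and a
    slow hash, so it is a temporary password, not a long-term secret.
    """
    return words * math.log2(wordlist_size) + digits * math.log2(10)


def hash_password(password, salt=None, iterations=600_000):
    """One-way storage form: salt$iterations$pbkdf2-hmac-sha256 digest (hex)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{salt.hex()}${iterations}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the digest with the stored salt/iterations; compare in constant time."""
    salt_hex, iters, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    pw = generate_password(WORDLIST)
    print(pw, f"({entropy_bits(len(WORDLIST)):.1f} bits with this tiny list)")
    print(verify_password(pw, hash_password(pw)))  # True
```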