Websites emailing passwords in plain text – anything to do?

Question

per title, i've had two websites this week send forgotten passwords in plain text over email which would imply it's stored as plain text.is there anything positive one can do here?

LinuxBender · Accepted Answer

Ask them to fix their site. Give them a few months. Get them on the PlainTextOffenders list if they won't fix their site. [1][1] - https://github.com/plaintextoffenders/plaintextoffenders

rgbrgb · Answer

I'd avoid those sites and ensure passwords are unique (using something like 1Password). If you want, you could also send the maintainers a few links on best practice.

softwaredoug · Answer

Send to plain text offenders:https://plaintextoffenders.com/about/

blackcats · Answer

Reset password. Hope they don&rsquo;t mail the password again

Websites emailing passwords in plain text – anything to do?

per title, i've had two websites this week send forgotten passwords in plain text over email which would imply it's stored as plain text.
is there anything positive one can do here?

Ask them to fix their site. Give them a few months. Get them on the PlainTextOffenders list if they won't fix their site. [1]
[1] - https://github.com/plaintextoffenders/plaintextoffenders

I'd avoid those sites and ensure passwords are unique (using something like 1Password). If you want, you could also send the maintainers a few links on best practice.

Send to plain text offenders:
https://plaintextoffenders.com/about/

Reset password. Hope they don’t mail the password again