undefined | Better HN

0 pointsmediumsmart10mo ago0 comments

I think the registration pattern should be - user enters email to register. email is sent to that email with a link to verify. user clicks link. user gets email with username and password to login in to the profile created for them.

0 comments

2 comments · 1 top-level

addandsubtract10mo ago· 1 in thread

This reveals the user's password (even if temporary) in plain text in an unencrypted email. Basically the last thing you want.

A better workflow is to send the user a link where they can set their initial password themselves.

mediumsmartOP10mo ago

same thing in blue which additionally opens the door for someone else to change their password and lock them out, never mind the quality of passwords users set initially etc. Looking at you, mum, registering a new account everytime you forget the last password.

j / k navigate · click thread line to collapse