Password reminder instead of reset

Is there a way to send a password reminder email instead of password reset email out of the box?

Darren

No, out of the box. Passwords are hashed by default. It's just impossible to get a password from its hash. You have to modify the source code (store plain passwords and add an appropriate message template and logic).

a.m. wrote:

Would you consider adding this as functionality? Most eCommerce sites allow me to request a reminder of my current password rather than making me go through the process of resetting.

Darren

Please see my post above. It's just not possible with the current implementation of password storing (it's a good practice to store hashed passwords). That's why it's better to leave it for customization if somebody requires this functionality

Perhaps he means a "password hint" that the customer enters when they create their account.  Emailed to the customer when requested to help remember forgotten passwords.

SWW wrote:

Hi SWW,

No, I wanted to actual password to be emailed to the customer. This is fairly standard on most sites I use. It's not the most secure practice but security is a compromise between robustness and usability.

When someone is looking to spend money with you, I err on the side of usability. After all, you have to assume the customers email is secure. And even if it were not, there is not so much harm that can be done by unauthorised access to the customers account.

It would be nice to have a LostPassword setting that can be set to "reset" or "remind". If set to "remind" only those passwords stored as clear text could use the_customerService.RemindPassword service.

Would also be nice to have a setting to set how passwords are stored instead of it being hard coded as .hash

Darren