sending username and password through email after user registration in web application

Question

What is your opinion on sending the username and password to their email address when they register on our website..this way if they forget the password in the future, they

Answer 1

People often share passwords across sites. So you should assume the same password works for the customer's online banking, and you should never send it by e-mail or provide a way for (someone pretending to be) the customer to retrieve it.

It's fine to send them a confirmation e-mail with their username - this is useful.

Remember, if you e-mail them their password they're likely to forget about that e-mail, or just delete it. So you need another password reset mechanism anyway.

The best way to handle the "forgotten password" case is for the user to request you to e-mail the user a link; when they click the link you allow them to type in a new password.

Regarding personal information (address, income etc): why would anyone want this mailed to them? They already know it! You're just sending private data unencrypted over the internet for no reason.