Bowling Center Software, Bowling League Software


Web security improvement


xalimar
  Posted on 3/28/2012 at 10:50 AM

Please improve your password storage. You should never store a user's password; you should only be keeping a hash of that password. If a user forgets their password, provide a password reset feature. It should be impossible for you, or a hacker, to know what the user password is. Users should use different passwords everywhere, but honestly they don't. If your site is hacked, the hackers will have access to email/password combos that probably work on other sites.
 
Please change your password field to * out the characters on the registration form. Please don't email me my password. If you must, you can email a new random password as part of a password reset feature, but never email me the one I created. Absolutely for the sake of all that is good, only store password hashes, not actual passwords.
 
Here is a reference on how to password hash and more details on why: http://crackstation.net/hashing-security.html
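The storage scheme requested in the post above, as an added example that is not part of the original post or the site's code: only a salted, slow hash of each password is kept, and a forgotten password is handled by a reset rather than by recovering the old one. The `AccountStore` class, the PBKDF2 work factor, the 15-minute lifetime and the use of a single-use reset token (in place of the emailed random password the post mentions) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2 work factor for this example
RESET_TTL = 15 * 60   # assumed reset-token lifetime, in seconds

def hash_password(password: str) -> str:
    """Return 'scheme$iterations$salt$hash'; the password itself is never kept."""
    salt = secrets.token_bytes(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    except ValueError:
        return False  # malformed record
    return scheme == "pbkdf2_sha256" and hmac.compare_digest(dk, expected)

class AccountStore:  # hypothetical in-memory stand-in for the site's user table
    def __init__(self):
        self.password_hashes = {}  # email -> encoded hash
        self.reset_tokens = {}     # sha256(token) -> (email, expiry)

    def register(self, email, password):
        self.password_hashes[email] = hash_password(password)

    def login(self, email, password):
        stored = self.password_hashes.get(email)
        return stored is not None and verify_password(password, stored)

    def start_reset(self, email, now):
        """Return a one-time token to email to the user; only its hash is stored."""
        if email not in self.password_hashes:
            return None
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.reset_tokens[digest] = (email, now + RESET_TTL)
        return token

    def finish_reset(self, token, new_password, now):
        digest = hashlib.sha256(token.encode()).hexdigest()
        email, expiry = self.reset_tokens.pop(digest, (None, 0))  # single use
        if email is None or now > expiry:
            return False
        self.password_hashes[email] = hash_password(new_password)
        return True
```

A dump of this store yields salts and hashes only, so neither the site nor anyone who copies the table can read back or email the password a user chose.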