Password within New User email

We have previously received queries about the fact that the New User email that is sent out can include the user's password.

This support article contains information on this subject.

Removing the password

The password can be removed by going to Orders -> Emails, finding the New User template and removing {$password} from it.

  • This is a decision that you will need to take: you may wish to include the password because otherwise users constantly forget it, or you may wish to treat security as the most important aspect and not include it. What you decide may be affected by your PCI requirements.
  • We do not store passwords as raw text anywhere in the database. All passwords are encrypted using a combination of technologies to give the best possible security and to make them as difficult as possible to decrypt (note: nothing is impossible to decrypt).
  • The only reason the password can be sent in its original form is that it is read from the POST request and sent immediately in the email, before it is stored in the database. We do not store any payment details on the site, only tokens with the payment providers, and we do not store any passwords unencrypted.
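
The flow described in the last point, as an added illustration (not the product's own code): the plaintext exists only in the submitted form data, the email carries it only if the template contains {$password}, and the stored record holds only a derived value. The function names, the {$name} placeholder, the sample templates and the use of salted PBKDF2 in place of the product's unspecified protection scheme are all assumptions.

```python
import hashlib
import hmac
import os
import re

PLACEHOLDER = "{$password}"
ITERATIONS = 600_000  # assumed work factor for this illustration

# Constructed templates: one with the placeholder, one with it removed.
TEMPLATE_WITH = "Hello {$name}, your account is ready. Password: {$password}"
TEMPLATE_WITHOUT = "Hello {$name}, your account is ready."

def protect(password: str) -> dict:
    """Derive a salted PBKDF2 value (stand-in for the product's real scheme)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex()}

def verify(password: str, record: dict) -> bool:
    """Recompute from the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest.hex(), record["hash"])

def render(template: str, values: dict) -> str:
    """Single-pass substitution, so a value containing '{$...}' is not re-expanded."""
    return re.sub(r"\{\$(\w+)\}",
                  lambda m: values.get(m.group(1), m.group(0)), template)

def register(post: dict, template: str, db: dict, outbox: list) -> None:
    # The plaintext is only available here, in the request data.
    outbox.append(render(template, {"name": post["name"],
                                    "password": post["password"]}))
    # Only the derived record is written to storage.
    db[post["name"]] = protect(post["password"])

def templates_exposing_password(templates: dict) -> list:
    """Audit helper: names of templates that would email the password."""
    return sorted(name for name, body in templates.items()
                  if PLACEHOLDER in body)
```
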