>>too long, maximum 12 characters
>request password reset
>>plaintext password sent to email
Pearson Publishing (Pearson My Lab) does that. If you request a password reminder they'll send it to you in plain text. Means they aren't even hashed in their database. It's even weirder when you consider the fact that so many users end up paying well over $100 for their services yet their fucking site isn't even secure to protect their investments.
I remember a guy I know running sms gateways having the same issue. He then told me that you had to explicitly enable them in some stupid Microsoft framework.
Maybe they're facing the same issue?
>fucking MS devs
I once forgot my password for an online learning site we had to use for a class. When I forgot my password, they had me open a live chat session with some rep who verified my username and email then told me my password in the chat in plaintext.
>>the passwords are hashed so we don't actually know your passwords!
>>password: this is hashed so we can't send it to you, remember?
I don't know how to feel