I was playing around with different news readers/aggregators when I remembered that I have an existing NewsGator account that I set up a while back. So I went to the NewsGator site and tried to login but I forgot my password. Like most sites, NewsGator has a "Forgot your password?" link. Using that function sent me this email:
As you requested online, we are sending your NewsGator
Online credentials to you. They are as follows:
Username: [My Username was here]
Password: [My unencrypted password was here]
If this was a password reset or new account creation, that would have been acceptable -- as long as I am then required to change it the next time I log on. But what they sent me is a password that I created months ago.
This could only mean that in NewsGator's servers, my password is stored either in unencrypted format, or if it is encrypted, it is reversible. I know that a lot of smaller sites do this... but NewsGator? What happened to one-way encryption?
Comments? Good, bad, tolerable, unacceptable?