4 Mar
2013
4 Mar
'13
2:02 p.m.
"I need to reset passwords to values that are later communicated to customers" I don't see how this is good security, especially since the passwords aren't forced to reset and you've now generated a list of passwords for all your users in plain text after a potential security breach. I realize you have to do what you have to do, but having the users reset their own password is (IMO) a safer tactic.