Didn't we have this discussion about password hashing already a few weeks ago?<p>If someone's snooping on your email, I think you've got bigger problems than a lost password, tbh.<p>As for hashing, again, if someone can get on the server and download the whole database, you've got bigger problems than password hashing.<p>I'm not saying this is a good practice, but I just don't think it's as big a problem as this guy is making it out.<p>Also, there's a balance between security and usability. For some kinds of users, not being able to tell them their password is actually a problem. Sites that are able to do that will have a competitive edge in getting those users. So the question is one of balance between usability and security, not just one of security.
Progressive postal-mailed me a letter with password on it when they sent my first insurance cards.<p>I think some health insurance sites do the same thing.