So my experience today, girlfriend has forgotten her password to JoeBrowns.co.uk which happens to anyone from time to time, and attempted to use the forgotten password link. Unfortunately no email came though. Recommended calling customer services which I was expecting to have them say that their mail system is down or something like that. The conversation went as follows:<p>GF: I have forgotten my password and the forgotten password link doesn't work<p>CS: Not a problem, we should be able to give that to you, what is your email<p>GF: <<email address including spelling the name out twice>><p>CS: I have found you, can you write this down<p>GF: Sure (sounding a bit surprised)<p>CS: << Password, character by character >><p>GF: Thanks, that worked (me with my mouth open wide at hearing the result of the conversation)<p>CS: Oh your name is <<insert real name here>><p>GF: Yes that's right<p>CS: Thank you and enjoy your day<p>Give the account potentially can have saved CC details in, order histories, delivery addresses, i was pretty shocked at the level of security on the site. The whole call lasted about 5 minutes, there no wait time. Plain text passwords on an eCommerce website... Asking for trouble!<p>Is it me, or is there something //slightly// wrong this this behaviour, or have I missed a trick?<p>Feel free to disprove me! As I would love to know how a company like Joe Browns can just give passwords away like that!<p>(Edit: Line breaks)