Bad Security at Evite

Use Anyvite.<p><a href="http://anyvite.com" rel="nofollow">http://anyvite.com</a>

Didn't we have this discussion about password hashing already a few weeks ago?<p>If someone's snooping on your email, I think you've got bigger problems than a lost password, tbh.<p>As for hashing, again, if someone can get on the server and download the whole database, you've got bigger problems than password hashing.<p>I'm not saying this is a good practice, but I just don't think it's as big a problem as this guy is making it out.<p>Also, there's a balance between security and usability. For some kinds of users, not being able to tell them their password is actually a problem. Sites that are able to do that will have a competitive edge in getting those users. So the question is one of balance between usability and security, not just one of security.

Evite is willing to sacrifice security for usability. Which makes sense, because it doesn't really matter if someone hacks your Evite account.

Sending your password after signup doesn't necessarily mean they're storing it permanently.

Progressive postal-mailed me a letter with password on it when they sent my first insurance cards.<p>I think some health insurance sites do the same thing.