I have a web site hosted by a UK web hoster and I have to use the Plesk control panel to administer the site. No problem there. However I have just changed the account password - the software then sent an email, an unsecured and unencrypted email containing the new password and email address to me. I then changed the password and I received another email informing me of my email address and password. It seems that I cannot change my password without the password being sent to me in an un-encrypted email. Because of all the severs the email passes through en-route from the hosting company to myself I cannot guarantee that no one has read the password. I therefore have to assume that the password has been compromised and is no longer usable. A real pain since I used that password for several other accounts and sites. I consider this a major security risk, especially as the control panel contains (or rather did contain) my credit card details. Can anyone tell me if this is the way it works - that whenever I change my password, it will be emailed to me in an un-encrypted email?
