Hi there,
I just came to find out, storing a password in a plain text is a bad idea IF that password is only used for re-sending it?
Let me put it this way, people register in your site, you can keep one hased password, lets say by md5() or sha1() or bcrypt, which will only be used to authenticate and log in user, the other one can be stored in the form of plain text, not this plain text will only be used to resend, it will not be used to login/ or provide access to anything, but it seems a bad idea, as I have been told. Is there any reason for this?