Websites that store your password in plain text.

[guinness]

A website storing a password in plain text means that your password is there, waiting for someone to come and take it. It doesn’t even matter if you’ve created the strongest possible password. It’s just there.

Source: http://plaintextoffenders.com/

[Midas]

Often wondered about such practices, which I found mostly in mailing lists. What's the point of setting a password if it then travels back to you -- across all of the Internet -- in plain text?

[carbonize]

Whilst I do think storing passwords in plaintext is one of the stupidest things any web dev can do that entire website is based on the premise of someone getting hold of your emails If someone has got access to your emails it makes no difference if they send your email in plaintext or not since reset emails will also be sent to that address.

[JohnTHaller]

Whilst I do think storing passwords in plaintext is one of the stupidest things any web dev can do that entire website is based on the premise of someone getting hold of your emails If someone has got access to your emails it makes no difference if they send your email in plaintext or not since reset emails will also be sent to that address.

There is a small difference as, if someone gains access to your email, they can request your passwords from sites like that and get your password without you knowing. For sites that reset your password, they'd need to change it, which may alert you to someone messing with it. A small difference, but a difference.

[carbonize]

But how long would a malicious person need to have access to your account for to do serious damage or gain access to your personal details? I doubt anyone after your passwords would be in it for the long haul.