My insurance company sending me the payment slip by post with my username and password to the online account for easy access. How sweet of them. 10/10 customer satisfaction.

I see your "Storing passwords in plain text". I raise you to "sending passwords via post in plain text".

Well, a hotel in France card payment system was down when i was leaving to fly home, they said they would send me an invoice via email. They sent a photo of my passport with all my details and a word doc to fill in and send back via email with my credit card details. What fucking areseholes.

But it's illegal to read mail, didn't you know that? So nobody does it. Of course this is safe.

/s

Australian ISPs seem to think it's fine to hit "reset password" and bam a SMS with username and password is sent out.

I'm not sure anymore, but I don't think that's how a reset works.

@helloworld Did you get away with not paying? I wouldn't have paid.

@Root Ooh yes. I should just send them the money in an envelope too. 🤔

@Root Fun fact: In Germany faxes are secure by law with the same argumentation, while email isn't.

@sbiewald @exceptionalGuy 😅

@exceptionalGuy Unfortunately not, it was quite a hefty bill. I paid over the phone, not without risk but safer than email.

So go to the authorities who take care of GDPR things. This is something they can be fined for.

@CoffeeNcode Verizon in the US does the same thing. Not only that, but it's the last 4 of your social plus your last initial

@Codex404 that was my first thought too. But I don't think I want to be pulled into this crap. French administration is already a living nightmare.

@lukegv it was a password generated by the system when I first created the account which was communicated to me via email (plain text again). But no, it's not a one time password.

@exceptionalGuy it should be just one form online and they ask if they can contact you again.

@exceptionalGuy this is a whole new level 😂😂😂😂

Bad situation. In general, such personal data should always be well protected and the company has no right to do this! Personally I have a business and I usually buy commercial general liability insurance via https://generalliabilityinsure.com/ website and never had any problems. I think you should change your insurance company!

Yes, this is a common situation.

That's unbelievably irresponsible — sending login credentials by post is bad enough, but including both username and password is just next-level negligent. Definitely report it to your country’s data protection authority if you can. This kind of thing violates basic security principles, and they need to be held accountable. Also, consider changing your password immediately (which I’m guessing you already did), and maybe set up 2FA if the system allows it. It’s shocking how some companies still treat cybersecurity like it’s optional in 2025.