Something to consider when creating a user account on a website where you will be paying for a service/product with a credit card:
Pretend you forgot your password and use the “Forgot Password” link. If they send your actual password via email (in plain text), this indicates that there are no security protocols in place when storing your password. A lot of sites will save your credit card info for future purchases. This combined with the lack of password security makes it way too easy for hackers to steal your card info. Most sites will force you to reset your password because, if password security is being approached the right way, the system will have no knowledge of what your actual password is AT ALL. This is accomplished by “salting” and “hashing” your password. What’s stored in the database is your password AFTER it’s been salted and hashed — not your actual password. So when you’re on a website and type your password in, it’s salted, hashed and compared to what was stored in the database.
For more information on salting and hashing, click here.