registration email exposes the password

The key is not the password. The key is a randomly chosen string that has nothing to do with the password.

oh my bad. It was meant to be posted in plugin support forum.

“Login Press” has option to add password field in registration page itself. However, when the mail is triggered, it contains actual password as “key” as opposed to default feature that has a random string corresponding to key.

Source link