this this this, i also would like to recommend a feature like most sites have where if someone password requests you it doesn't just send your literal password to your email but sends you a link to reset it entirely, just thought i'd throw that out there. something absolutely needs to be done about security nonetheless.