Pressbooks.bccampus.ca Sign Up procedure includes a new, plain password sent in email

[paulagaube]

Description

When a user signs up for a faculty Pressbooks account at https://pressbooks.bccampus.ca/wp-signup.php, they are asked to enter a username, email address, a password (twice), and choose their institution. This procedure does allow a user to create an account, however the password the user enters is not registered, and a new, plain text password is emailed to the user after they activate their account by clicking the link in the email they are sent.

Expected behaviour

The password that the user enters when first creating the account will be the password they use to log in.

Actual behaviour

The password the user enters is discarded a new password is generated and emailed to the user.

Steps to reproduce the problem

See attached PDF showing the process, courtesy of Declan RS.

1. Go to: https://pressbooks.bccampus.ca/wp-signup.php
2. Enter username, email, password, institution, choose "Rregister my book later", then click next
3. Check email and click the activation link in the email
4. An email is sent with username and password in plain text.

2019-Aug-12-Pressbook_Account_Creation.pdf

System Information

• Textbooks for Pressbooks: [Enter PTB Version here]
• Pressbooks: [Enter PB Version number here]
• WordPress: [Enter WP Version number here]

[paulagaube]

As a new Pressbooks user, I'd like the password I enter when I first sign up for an account to be the password I use for my account So that I don't have to reset my password or learn a new password. And I don't want my password emailed to me with my username!