I agree with this and I have previously modded my boards to give random passwords of the minimum length.
I don't know, phpBB user david63 on a publicly visible phpBB board. How would they ever know your phpBB username? But yes, it wouldn't be obvious how they would have obtained the email address. Not that this makes it impossible, but certainly can concede it's not "open information" exposed by phpBB. (Though I guess that depends on your phpBB settings.)
Code: Select all
Copy and paste the password into the "Password:" field. You don't need to type it in.