
Unencrypted passwords!

benoh
Grafter
Posts: 272
Thanks: 1
Registered: ‎24-08-2007

Unencrypted passwords!

So, while I was on the forum I thought I'd see if I was still getting any referrals, but had forgotten my password.
Click the link, and it shows you your password! WTF!
Why are you storing customer passwords in plaintext!
Ben
4 REPLIES 4
Chris
Legend
Posts: 17,724
Thanks: 600
Fixes: 169
Registered: ‎05-04-2007

Re: Unencrypted passwords!

As far as I'm aware the passwords are *not* stored in plain text, they are encrypted and the link you are sent via email will show you the unencrypted password when clicked.
Former Plusnet Staff member. Posts after 31st Jan 2020 are not on behalf of Plusnet.
benoh
Grafter
Posts: 272
Thanks: 1
Registered: ‎24-08-2007

Re: Unencrypted passwords!

Quote from: Chris
As far as I'm aware the passwords are *not* stored in plain text, they are encrypted and the link you are sent via email will show you the unencrypted password when clicked.

Which would mean the encryption key is available to the webapp, so it may as well not be encrypted. Anyone who gets access to the web servers can decrypt all the passwords anyways.
Certainly not best practice, it should be one way encrypted and a forgotten password link should allow a new password to be set.
Ben
Chris
Legend
Posts: 17,724
Thanks: 600
Fixes: 169
Registered: ‎05-04-2007

Re: Unencrypted passwords!

Hi Ben,
The one way encryption is something we have thought about and looked into, but due to the way that passwords sync across mail, webspace, adsl etc it's a very very very large piece of work as every password reset would then have the likelihood of a call into the support centre.
Former Plusnet Staff member. Posts after 31st Jan 2020 are not on behalf of Plusnet.
jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Unencrypted passwords!

A significant problem is that the same password is used for the portal and for the login in your router. Reset the portal password with a forgotten password link and if they try a reconnect without resetting the password in the router they will not be able to connect.
However there is an even worse problem than that. Resetting the portal password will also reset the password on their default mailbox. This means they won't be able to collect the email to find out what the new password is!
jelv (a.k.a Spoon Whittler)
Why I have left Plusnet (warning: long post!)
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)