You have forgotten your password, so you click on “forgot my password” to have a new password sent by email. Sometimes the site tells you what your password was; other times, it sends you a new (usually temporary) password. What are the privacy implications of each approach?

What will be an ideal response?

If the site tells you what your password was, that means the site is storing your password rather than just a hash of it. This means that anyone whogains access to the site’s password database can also gain access to your password, which may give that person access to other of your accounts as well as your account on this site. If the site sends you a temporary password, there is a good chance it is not storing your actual password, which bodes well for your privacy.