README.passwords, password functionality in phpList

This relates to passwords for users and not passwords for administrators.

This file refers to new functionality in PHPlist 2.4.1. You can now have your users
set up a password for themselves instead of using the "Unique String" functionality
that has been used in previous versions.

If you activate this functionality, the "Preferences page" will have an extra input 
field for password and the password can be edited by the user. This will provide more 
security for the personal details of a user, because the password will never be sent 
in an email, and needs to be remembered by the user. 

In order to allow transition from the old system to the new, PHPlist will allow a user
to access their personal details page without a password, but with the unique string,
if the password has not yet been set. As soon as a value exists for the password, the
system will require logging in, in order to access the details page. The unique string
will still be required.

If you use encrypt password, the password will be stored with  MD5 encryption in the
database. However this encryption is one-way, so the system will not be able to send
the password to the user. In that case the "Forgot Password" element will become
a link to email the administrator of your PHPlist installation. You can then update
the password for the user manually (you will have to enter a new password) and send 
the password to the user. If you store the password in plain text the "Forgot Password"
functionality can be automatic.