The key difference is that capturing a plaintext password means the user and att...

asuffield on June 25, 2014 | parent | context | favorite | on: But why can't I send people their passwords?

The key difference is that capturing a plaintext password means the user and attacker both share a password without the user realising, while capturing a reset link means that one of them will win and the other will observe their password reset has failed.