Password to follow…

Sending the password in a separate email is something that everyone has either done or had done to them, as though sending two cleartext transmissions to the same network and account, or worse yet from the same network and account, were somehow safer than placing both in one email.

What is the basic thought process here? If someone is running a MitM attack, sending two emails does not help unless they are generously spaced out, and even then there is no guarantee. If someone has access to the mailbox, the sent items folder is just as rich a target as the inbox, and depending on the mailbox it may be richer: the sent items folder of an administrator who handles password resets can hold numerous valid, active account credentials. So what is the benefit?
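As an added illustration of the sent-items exposure described above (example code written for this page, not the author's), the following Python audits a constructed sample of a helpdesk sent-items folder and pairs each "password to follow" mail with the follow-up to the same recipient that actually carried the password. The addresses, message contents and the 30-minute pairing window are assumptions.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# "Password to follow" announcement, and an explicit "password: xxx" line in the follow-up.
ANNOUNCE_RE = re.compile(r"password\s+(?:to|will)\s+follow", re.IGNORECASE)
SECRET_RE = re.compile(r"password\s*(?:is)?\s*:\s*\S+", re.IGNORECASE)


def looks_like_bare_secret(body):
    """A follow-up whose whole body is one short token with no spaces is almost certainly the password."""
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    return len(lines) == 1 and " " not in lines[0] and 6 <= len(lines[0]) <= 64


def find_split_credential_pairs(raw_messages, window_minutes=30):
    """Pair each 'password to follow' mail with the next mail to the same recipient, inside the window, that carries a password."""
    msgs = sorted((message_from_string(r) for r in raw_messages),
                  key=lambda m: parsedate_to_datetime(m["Date"]))
    findings = []
    for i, first in enumerate(msgs):
        if not ANNOUNCE_RE.search(first.get_payload()):
            continue
        t0 = parsedate_to_datetime(first["Date"])
        for second in msgs[i + 1:]:
            gap = parsedate_to_datetime(second["Date"]) - t0
            if gap > timedelta(minutes=window_minutes):
                break  # messages are sorted, so nothing later can fall inside the window
            body = second.get_payload()
            if second["To"].lower() == first["To"].lower() and (
                    SECRET_RE.search(body) or looks_like_bare_secret(body)):
                findings.append({"to": first["To"], "gap_minutes": int(gap.total_seconds() // 60),
                                 "subjects": (first["Subject"], second["Subject"])})
                break
    return findings


def _mail(to, date, subject, body):  # builds a minimal RFC 5322 message for the constructed sample
    return f"From: helpdesk@example.com\nTo: {to}\nDate: {date}\nSubject: {subject}\n\n{body}\n"


SAMPLE_SENT_ITEMS = [  # constructed sample export of a helpdesk sent-items folder, not real mail
    _mail("alice@example.com", "Fri, 01 Mar 2024 09:00:00 +0000", "New account",
          "Hi Alice, your username is alice.smith. Password to follow in a separate email."),
    _mail("alice@example.com", "Fri, 01 Mar 2024 09:03:00 +0000", "Re: New account", "Tr0ub4dor&3"),
    _mail("bob@example.com", "Fri, 01 Mar 2024 10:00:00 +0000", "Lunch", "Pizza at noon?"),
    _mail("carol@example.com", "Fri, 01 Mar 2024 11:00:00 +0000", "VPN access",
          "Your VPN account is ready. Password will follow."),
    _mail("carol@example.com", "Fri, 01 Mar 2024 11:05:00 +0000", "VPN access", "Your password is: Winter2024!"),
]

if __name__ == "__main__":
    print(find_split_credential_pairs(SAMPLE_SENT_ITEMS))
```

Run against a real export, every pair it reports is a live credential sitting in the sender's mailbox, which is the exposure the paragraph above describes.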

In short, it is a visual crutch of safety. Like TSA security checks added after past security issues, it does little to avert the underlying risk. Instead, a fully out-of-band solution should be used. The options are many, but preferable ones include a wholly separate email infrastructure, SMS, and escrowed encryption solutions.