Clarify wording of password sending recommendation#87
Hello @n-l-i, could you clarify why this change in wording is better?
Of course @jgadsden! So when I was reading the current wording, "Only send non-temporary passwords over an encrypted connection or as encrypted data", I was initially thinking "huh? why should only non-temporary passwords be sent encrypted? what is wrong with sending temporary passwords encrypted?". But they don't mean that only non-temporary passwords should be sent encrypted, but rather that non-temporary passwords should only ever be sent encrypted and never in plaintext. The sentence can be read both ways, however, and both readings are equally grammatically correct (afaik). The change in wording in this PR is my attempt at removing the ambiguity with minimal changes to the original entry.
Summary:
This includes a small improvement in wording in 04-design/02-web-app-checklist/06-digital-identity.md
The recommendation for sending passwords can be read two ways, either as "Always send non-temporary passwords encrypted" or as "Don't send temporary passwords encrypted". This commit clarifies that the former interpretation is the intended one.
Description for the changelog:
Clarify wording of password sending recommendation