“It’s unfortunate that sometimes storing passwords as plain text is a contractual requirement from the client because they don’t want to be forced to create a new one when they forget their original password. Sad world we live in.”
Well, I’m sorry but it would never be part of any contractual requirement to store passwords as plain text. This is in violation of the Data Protection Act. If you want to store your passwords so you can get them back then use a reversable encryption which uses a key, such as BlowFish.
Never ever try to say that storing passwords in plain text files is a requirement. If the client tells you this, explain why it’s not possible. Even if the client can read the passwords, this may be in violation of DPA also.