Talk:Testing for Vulnerable Remember Password and Pwd Reset (OWASP-AT-006)
From OWASP
Storing the password in a permanent cookie. The password must be hashed/encrypted and not sent in the clear.
At least without strong recommendations for the hashing/encryption, I find it quite absurd to tell people to do this! But also, in general, my belief is that this is just wrong for several reasons.