gmail security is a joke

• Previous message (by thread): gmail security is a joke
• Next message (by thread): gmail security is a joke
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On May 27, 2015, at 11:22, John R. Levine <johnl at iecc.com> wrote:

> As I've said a couple of times already, but perhaps without the capital letters, from a security point of view, generating a NEW PASSWORD and sending it in cleartext is no worse than sending you a one time reset link.  Either way, if a bad guy can intercept your mail, you lose.

Well, no… a one time reset link is infinitely better than sending a cleartext password, assuming you don’t have to immediately change the password.

A reset link, being usable once, means that you can detect if an attacker has already used it. If you use it first, the attacker has a useless link. If an attacker gets a cleartext password, you probably can’t detect interception.

Cheers,
-j

• Previous message (by thread): gmail security is a joke
• Next message (by thread): gmail security is a joke
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]