gmail security is a joke
John R. Levine
johnl at iecc.com
Wed May 27 18:22:04 UTC 2015
> The OP was correct, if they can send you your cleartext password then
> their security practices are inadequate, period.
> Unless I misunderstand what you're saying (I sort of hope I do) this
> is Security 101.
As I've said a couple of times already, but perhaps without the capital
letters, from a security point of view, generating a NEW PASSWORD and
sending it in cleartext is no worse than sending you a one time reset
link. Either way, if a bad guy can intercept your mail, you lose.
A few moments' thought will confirm this has nothing to do with the way
passwords are stored within the mail system's database.
More information about the NANOG