gmail security is a joke

John R. Levine johnl at
Wed May 27 18:22:04 UTC 2015

> The OP was correct, if they can send you your cleartext password then
> their security practices are inadequate, period.
> Unless I misunderstand what you're saying (I sort of hope I do) this
> is Security 101.

As I've said a couple of times already, but perhaps without the capital 
letters, from a security point of view, generating a NEW PASSWORD and 
sending it in cleartext is no worse than sending you a one time reset 
link.  Either way, if a bad guy can intercept your mail, you lose.

A few moments' thought will confirm this has nothing to do with the way 
passwords are stored within the mail system's database.


More information about the NANOG mailing list