[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

gmail security is a joke

Subject: gmail security is a joke
From: johnl at iecc.com (John R. Levine)
Date: 27 May 2015 14:22:04 -0400
In-reply-to: <[email protected]>
References: <CAKnNFz_apy8KHBXj0umGoq6UfCD640Jtxe9A+2TqU-d761-eug@mail.gmail.com> <[email protected]> <CAEE+rGqi0UiC=mEBOcUMFBbBLfSgVKHpmSFw=PE45emxB1cYDQ@mail.gmail.com> <CACnPsNW7W1u-cXBFVy8j3xEV1FEBXsT1C_+kYT4MMXXa9Uf+Kw@mail.gmail.com> <CAP-guGXv+9AuM1z_r7oO7q6HDuF1Dw_tTXO5EwywLw2shpt96g@mail.gmail.com> <[email protected]>

> The OP was correct, if they can send you your cleartext password then
> their security practices are inadequate, period.
>
> Unless I misunderstand what you're saying (I sort of hope I do) this
> is Security 101.

As I've said a couple of times already, but perhaps without the capital 
letters, from a security point of view, generating a NEW PASSWORD and 
sending it in cleartext is no worse than sending you a one time reset 
link.  Either way, if a bad guy can intercept your mail, you lose.

A few moments' thought will confirm this has nothing to do with the way 
passwords are stored within the mail system's database.

R's,
John

Follow-Ups:
- gmail security is a joke
  - From: egon at egon.cc (James Downs)
- gmail security is a joke
  - From: bzs at world.std.com (Barry Shein)

References:
- gmail security is a joke
  - From: tknchris at gmail.com (chris)
- gmail security is a joke
  - From: johnl at iecc.com (John Levine)
- gmail security is a joke
  - From: aaron at heyaaron.com (Aaron C. de Bruyn)
- gmail security is a joke
  - From: scott at doc.net.au (Scott Howard)
- gmail security is a joke
  - From: bill at herrin.us (William Herrin)
- gmail security is a joke
  - From: bzs at world.std.com (Barry Shein)

Prev by Date: gmail security is a joke
Next by Date: gmail security is a joke
Previous by thread: gmail security is a joke
Next by thread: gmail security is a joke
Index(es):
- Date
- Thread