[180146] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: gmail security is a joke

daemon@ATHENA.MIT.EDU (Aaron C. de Bruyn)
Tue May 26 15:28:45 2015

X-Original-To: nanog@nanog.org
In-Reply-To: <20150526160638.14758.qmail@ary.lan>
From: "Aaron C. de Bruyn" <aaron@heyaaron.com>
Date: Tue, 26 May 2015 12:28:26 -0700
To: John Levine <johnl@iecc.com>
Cc: NANOG mailing list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

On Tue, May 26, 2015 at 9:06 AM, John Levine <johnl@iecc.com> wrote:
> If they do a reset, what difference does it make whether they send the
> password in plain text or as a one-time link?  Either way, if a bad
> guy can read the mail, he can steal the account.

If they can e-mail you your existing password (*cough*Netgear*cough*),
it means they are storing your credentials in the database
un-encrypted.

-A


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[180146] in North American Network Operators' Group

Re: gmail security is a joke

daemon@ATHENA.MIT.EDU (Aaron C. de Bruyn)Tue May 26 15:28:45 2015

daemon@ATHENA.MIT.EDU (Aaron C. de Bruyn)
Tue May 26 15:28:45 2015