[180181] in North American Network Operators' Group
Re: gmail security is a joke
daemon@ATHENA.MIT.EDU (John R. Levine)
Wed May 27 14:22:09 2015
X-Original-To: nanog@nanog.org
Date: 27 May 2015 14:22:04 -0400
From: "John R. Levine" <johnl@iecc.com>
To: "Barry Shein" <bzs@world.std.com>
In-Reply-To: <21862.1063.465196.824619@world.std.com>
Cc: NANOG mailing list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

> The OP was correct, if they can send you your cleartext password then
> their security practices are inadequate, period.
>
> Unless I misunderstand what you're saying (I sort of hope I do) this
> is Security 101.

As I've said a couple of times already, but perhaps without the capital
letters, from a security point of view, generating a NEW PASSWORD and
sending it in cleartext is no worse than sending you a one-time reset
link. Either way, if a bad guy can intercept your mail, you lose.

A few moments' thought will confirm this has nothing to do with the way
passwords are stored within the mail system's database.

R's,
John
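
Added example, not part of the original message: a sketch of the two reset flows compared above, run against a constructed in-memory store that keeps only salted hashes. The function names, the `mail.example` URL and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets, time

USERS = {}   # constructed store: username -> (salt, password hash); no cleartext
TOKENS = {}  # sha256(reset token) -> (username, expiry timestamp)

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def set_password(user, password):
    salt = secrets.token_bytes(16)
    USERS[user] = (salt, _hash(password, salt))

def check_password(user, password):
    salt, stored = USERS[user]
    return hmac.compare_digest(stored, _hash(password, salt))

def reset_by_new_password(user):
    """Flow A: generate a NEW password, store only its hash, mail the cleartext."""
    new_pw = secrets.token_urlsafe(12)
    set_password(user, new_pw)
    return f"Your new password is: {new_pw}"          # body of the reset mail

def reset_by_link(user, ttl=900):
    """Flow B: mail a one-time link; only a hash of the token is stored."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    TOKENS[digest] = (user, time.time() + ttl)
    return f"https://mail.example/reset?token={token}"  # body of the reset mail

def redeem_link(token, new_password):
    """Single use: the token is removed on first redemption or when expired."""
    entry = TOKENS.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    if entry is None or entry[1] < time.time():
        return False
    set_password(entry[0], new_password)
    return True

def cleartext_in_store(secret):
    """True if the secret appears verbatim in the server-side stores."""
    return secret in repr(USERS) + repr(TOKENS)

if __name__ == "__main__":
    set_password("alice", "original-password")
    mail_a = reset_by_new_password("alice")
    pw = mail_a.rsplit(": ", 1)[1]
    # Whoever reads mail A can log in; the database still holds only a hash.
    print(check_password("alice", pw), cleartext_in_store(pw))
    mail_b = reset_by_link("alice")
    # Whoever reads mail B can set a password of their choosing, once.
    print(redeem_link(mail_b.split("token=")[1], "set-by-mail-reader"))
```

In both flows the content of the mail is sufficient to take over the account, and in neither does the store contain a recoverable password.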