It amazes me how many sites allow you to register, and then send you an
e-mail to your registered address containing your password in
plain-text. There is never a warning stating that the site will email
the password you use, for all to see.
Sending passwords by e-mail works when you forget a password. The site changes it and e-mails you the new one, which you then use to log in and change it to something else. The e-mailed password is not active for very long, and it isn't something you chose.
Sending you your own password, either in a welcome e-mail once you register, or as a response to a "forgot password" request is bad security. Really bad security.
Compounding this is the fact that e-mail providers such as Google Gmail state in their privacy policy that "deleted" e-mail may be kept indefinitely on their backup servers. As soon as someone e-mails you your password in plain-text, to a Gmail account, Google are likely to have that archived forever.
You can't tell whether a site is going to do to this, so it isn't possible to use a "less sensitive" password for sites which will e-mail your password back to you. If you have groups of passwords; one for sites you use to pay for things, one for forums, one for other less important sites, for instance, then you may enter your "usual" password without realising it may be compromised by being sent in an e-mail, visible to anyone along the way that wants to read it.
Sites should seriously consider the security implications of sending passwords by e-mail, especially if there is no prior warning that this will happen!
Sending passwords by e-mail works when you forget a password. The site changes it and e-mails you the new one, which you then use to log in and change it to something else. The e-mailed password is not active for very long, and it isn't something you chose.
Sending you your own password, either in a welcome e-mail once you register, or as a response to a "forgot password" request is bad security. Really bad security.
Compounding this is the fact that e-mail providers such as Google Gmail state in their privacy policy that "deleted" e-mail may be kept indefinitely on their backup servers. As soon as someone e-mails you your password in plain-text, to a Gmail account, Google are likely to have that archived forever.
You can't tell whether a site is going to do to this, so it isn't possible to use a "less sensitive" password for sites which will e-mail your password back to you. If you have groups of passwords; one for sites you use to pay for things, one for forums, one for other less important sites, for instance, then you may enter your "usual" password without realising it may be compromised by being sent in an e-mail, visible to anyone along the way that wants to read it.
Sites should seriously consider the security implications of sending passwords by e-mail, especially if there is no prior warning that this will happen!
No comments:
Post a Comment