2 Jan
2019
2 Jan
'19
10:14 p.m.
On 1/2/19 2:47 PM, Jeremy Jongepier wrote:
On 1/2/19 4:38 PM, mailing(a)joergsorge.de wrote:
Although LA* are relatively safe lists and I'm not sure the damage
someone could do with my passwords, I'll tip my hat ++ in favour
of doing that. As long as we have standard 'forgot your password?'
retrieval, I hope we would all be OK with this logical move.
Tim.
Hi,
I've a question.
The List-System is sending the reminder once a month.
It includes the password unencrypted.
Is this a good idea?
From a security point of view no. You can't fully trust the path your
mails are traveling. And if your fetching your mail with standard IMAP
on port 143 or even POP3 then it's definitely insecure. We could disable
this feature, I'd be very much in favor for doing so.
Jeremy