Yes -- this is the only real vulnerability: that the password being sent might be intercepted or snooped upon. Not in someone guessing it.
(Unless of course the password generator is not really very random. If it is based on something un-interesting and reasonably calculatable like the computer clock timer or the sending IP address then maybe one would have a problem.)
FF
On 7/5/05, Rowan Collins rowan.collins@gmail.com wrote:
So don't register an e-mail address with your account, and then no generated password will ever be sent out that way. This danger isn't really reliant on the password being valid for a long time, only on it being sent to or through an insecure e-mail server. If you're worried someone may be trying to exploit the e-mailed password to get into your account, change your real password, and it will immediately cease being valid.
Besides, if this was a banking site, I'd take these issues a bit more seriously; if someone just wants to impersonate or disadvantage you on Wikipedia, I'm sure they could find simpler ways anyway.
-- Rowan Collins BSc [IMSoP] _______________________________________________ WikiEN-l mailing list WikiEN-l@Wikipedia.org http://mail.wikipedia.org/mailman/listinfo/wikien-l