Yes -- this is the only real vulnerability: that the password being
sent might be intercepted or snooped upon. Not in someone guessing it.
(Unless of course the password generator is not really very random. If
it is based on something un-interesting and reasonably calculatable
like the computer clock timer or the sending IP address then maybe one
would have a problem.)
FF
On 7/5/05, Rowan Collins <rowan.collins(a)gmail.com> wrote:
So don't register an e-mail address with your
account, and then no
generated password will ever be sent out that way. This danger isn't
really reliant on the password being valid for a long time, only on it
being sent to or through an insecure e-mail server. If you're worried
someone may be trying to exploit the e-mailed password to get into
your account, change your real password, and it will immediately cease
being valid.
Besides, if this was a banking site, I'd take these issues a bit more
seriously; if someone just wants to impersonate or disadvantage you on
Wikipedia, I'm sure they could find simpler ways anyway.
--
Rowan Collins BSc
[IMSoP]
_______________________________________________
WikiEN-l mailing list
WikiEN-l(a)Wikipedia.org
http://mail.wikipedia.org/mailman/listinfo/wikien-l