[WikiEN-l] Fwd: Password reminder from Wikipedia
Fastfission
fastfission at gmail.com
Tue Jul 5 22:39:32 UTC 2005
Yes -- this is the only real vulnerability: that the password being
sent might be intercepted or snooped upon. Not in someone guessing it.
(Unless of course the password generator is not really very random. If
it is based on something un-interesting and reasonably calculatable
like the computer clock timer or the sending IP address then maybe one
would have a problem.)
FF
On 7/5/05, Rowan Collins <rowan.collins at gmail.com> wrote:
> So don't register an e-mail address with your account, and then no
> generated password will ever be sent out that way. This danger isn't
> really reliant on the password being valid for a long time, only on it
> being sent to or through an insecure e-mail server. If you're worried
> someone may be trying to exploit the e-mailed password to get into
> your account, change your real password, and it will immediately cease
> being valid.
>
> Besides, if this was a banking site, I'd take these issues a bit more
> seriously; if someone just wants to impersonate or disadvantage you on
> Wikipedia, I'm sure they could find simpler ways anyway.
>
> --
> Rowan Collins BSc
> [IMSoP]
> _______________________________________________
> WikiEN-l mailing list
> WikiEN-l at Wikipedia.org
> http://mail.wikipedia.org/mailman/listinfo/wikien-l
>
More information about the WikiEN-l
mailing list