|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Kevin Spett (kspett_at_spidynamics.com)
Date: Sun Oct 20 2002 - 20:19:39 CDT
> The simple solution to this problem is to actually generate a new
> password for the user and email them that instead and force them to
> change it on the first login. That achieves a few security goals:
This does nothing to defend against the scenario I wrote about earlier in
this thread. You can read it here:
http://archives.neohapsis.com/archives/sf/www-mobile/2002-q4/0020.html
To reiterate, unencrypted email offers no garauntee of privacy or
authenticity.
Kevin Spett
SPI Labs
http://www.spidynamics.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]