Re: Most secure way to reset a password via email link [message #185335 is a reply to message #185162]
Wed, 19 March 2014 16:05
Arno Welzel
On 05.03.2014 17:34, Gregor Kofler wrote:
> On 05.03.2014 16:54, jvd_200089(at)yahoo(dot)co(dot)uk wrote:
>> On Wednesday, 5 March 2014 15:35:30 UTC, The Natural Philosopher wrote:
>>> Then always use https to avoid man in the middle attacks
>>
>> Yes, email link will point to https:// but when using SSL what's wrong with just redisplaying the password on the screen (after answering further security questions) because the data sent between server and client will be encrypted whereas an email to a standard pop3 email account won't be (or can you send SSL to a standard email)?
>
> TLS will encrypt mails. Provided by practically all contemporary mail
> servers and clients.

TLS will not encrypt mails. TLS is "Transport Layer Security" - it will
only encrypt the connection between the client and the server. But there
is no guarantee that this applies to all smarthosts on the way from your
server to the client's (ISP) server.

Mail encryption would be nice - but so far I don't know any service that
offers to use a public PGP key or S/MIME certificate to send encrypted
mails to their customers.

--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de
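
Added example, not part of the original post: a Python sketch that reads the `Received:` trace of a delivered message and flags hops whose `with` protocol is not one of the TLS variants registered in RFC 3848, which makes the hop-by-hop nature of SMTP TLS visible. The sample message, host names and token are constructed; the headers are written by the relays themselves, so this only reports what each hop claimed after the fact.

```python
import re
from email import message_from_string

# Constructed sample (not from the thread): the relay in the middle
# accepted the reset mail over plain ESMTP, the other two hops used TLS.
SAMPLE = """\
Received: from smarthost.example.net (smarthost.example.net [203.0.113.7])
\tby mx.isp.example (Postfix) with ESMTPS id 4F1A2B3C
\tfor <user@isp.example>; Wed, 19 Mar 2014 16:05:12 +0100
Received: from web01.shop.example (web01.shop.example [198.51.100.20])
\tby smarthost.example.net (Postfix) with ESMTP id 9D8E7F6A
\tfor <user@isp.example>; Wed, 19 Mar 2014 16:05:10 +0100
Received: from app.shop.example (app.shop.example [198.51.100.21])
\tby web01.shop.example (Postfix) with ESMTPSA id 1A2B3C4D
\tfor <user@isp.example>; Wed, 19 Mar 2014 16:05:09 +0100
From: shop@shop.example
To: user@isp.example
Subject: Password reset

https://shop.example/reset?token=CONSTRUCTED-PLACEHOLDER
"""

# "with" keywords from RFC 3848 that indicate STARTTLS was negotiated.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

def strip_comments(value):
    """Remove (possibly nested) parenthesised comments and collapse folding."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return " ".join(value.split())

def hops(raw_message):
    """Return hops in delivery order as (from_host, by_host, protocol, tls)."""
    msg = message_from_string(raw_message)
    result = []
    # Each relay prepends its header, so the oldest hop is the last one.
    for header in reversed(msg.get_all("Received", [])):
        text = strip_comments(header)
        found = re.findall(r"\b(from|by|with)\s+(\S+)", text, re.I)
        fields = {key.lower(): val for key, val in found}
        proto = fields.get("with", "").upper()
        result.append((fields.get("from"), fields.get("by"),
                       proto, proto in TLS_PROTOCOLS))
    return result

def cleartext_hops(raw_message):
    """Hops that did not record a TLS-protected transfer."""
    return [hop for hop in hops(raw_message) if not hop[3]]
```
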