The "forgot password" buttons on every web service mean that if someone gains access to your email account, they also get access to every other account you have.

It also means that your email provider can hack all your other accounts at any time, since they already have access to your email.

This is a horrendous violation of common sense. We're always advised to "use different passwords on everything", but how much does that matter if you have one account that invalidates all your other security mechanisms?

This wouldn't bother me so much if it were something we could choose not to do. But the problem is that none of us have any choice, because not a single web service offers a setting to either disable password reset or encrypt the reset emails. Not even GitHub, a site built specifically for programmers, one that already allows you to add public keys to your account!

I'm setting a good example with this website by letting users upload PGP keys with which their password reset emails are encrypted. This is basic security practice. Having password reset without a feature like this should be seen as similar to storing passwords in plain text, but it isn't. Even the people who write great stuff about security go on to make web services that effectively accept your email password as an alternative to the one you set, and there's nothing you can do about it.
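A minimal version of the reset flow described above, added here as an example and not code from this site: reset tokens are stored only as hashes, expire, and are single-use, and when an account has an uploaded key the reset link is encrypted to that key before the mail leaves the server, with no plaintext fallback. The user table, fingerprint placeholder and reset URL are constructed for the example; the gpg call assumes the gpg CLI is installed and the user's key has already been imported into the server keyring.

```python
import hashlib
import secrets
import subprocess
import time

# Constructed in-memory stores standing in for the site's database (assumption).
USERS = {
    "alice": {"email": "alice@example.com", "pgp_fingerprint": "PLACEHOLDER-FINGERPRINT"},
    "bob": {"email": "bob@example.com", "pgp_fingerprint": None},
}
RESET_TOKENS = {}  # sha256(token) -> (username, expiry timestamp)
TOKEN_TTL = 15 * 60  # seconds a reset link stays valid

def issue_reset_token(username, now=None):
    """Create a single-use token; only its hash is stored, so a leaked
    database does not hand out usable reset links."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[digest] = (username, now + TOKEN_TTL)
    return token

def redeem_reset_token(token, now=None):
    """Return the username if the token is valid and unexpired, consuming it."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)  # pop: a token can only be used once
    if entry is None or entry[1] < now:
        return None
    return entry[0]

def gpg_encrypt(plaintext, fingerprint):
    """Encrypt to the user's uploaded key with the gpg CLI (assumes gpg is
    installed and the key was imported into the server keyring at upload time)."""
    result = subprocess.run(
        ["gpg", "--batch", "--armor", "--trust-model", "always",
         "--encrypt", "--recipient", fingerprint],
        input=plaintext.encode(), capture_output=True, check=True)
    return result.stdout.decode()

def compose_reset_email(username, token, encrypt=gpg_encrypt):
    """Build the reset email. If the user uploaded a key, the link is encrypted
    to it, so the mail provider only ever sees ciphertext."""
    user = USERS[username]
    body = f"Reset your password: https://example.com/reset?token={token}\n"
    if user["pgp_fingerprint"]:
        body = encrypt(body, user["pgp_fingerprint"])  # no plaintext fallback
    return {"to": user["email"], "subject": "Password reset", "body": body}
```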

This is a huge problem. Spread the word.
