Multiple uid's vs. multiple primary keys & "master signing keys"

David Koppenhofer david at
Wed Jun 25 05:03:51 CEST 2008

On Mon, Jun 23, 2008 at 11:30 PM, Faramir < at> wrote:
>  I heard, a couple of weeks ago, about somebody who lost all her email
> accounts because her primary email address was hacked. The hacker knew
> the other email addresses, used the option "I forgot my password, send
> it to my secondary email", and all the other email accounts sent their
> passwords to the email that was compromised... allowing the hacker to
> take control of all these accounts, changing the security questions and
> secondary emails, so the true owner can't recover the accounts.

The thought of 'tying' my email accounts together through "I forgot my
password, send to my secondary email" has given me pause in the past.

I don't think any of my email accounts are currently set up with
another as a "secondary" email; password recovery is usually through
other means (e.g. security questions).

Thanks for sharing your thoughts about this.


More information about the Gnupg-users mailing list