Multiple uid's vs. multiple primary keys & "master signing keys"

Faramir at
Wed Jun 25 11:45:57 CEST 2008

David Koppenhofer wrote:
> On Mon, Jun 23, 2008 at 11:30 PM, Faramir < at> wrote:
>>  I heard, a couple of weeks ago, about somebody who lost all her email
>> accounts because her primary email address was hacked. The hacker knew
>> the other email addresses, used the option "I forgot my password, send
>> it to my secondary email", and all the other email accounts sent their
>> passwords to the email that was compromised... allowing the hacker to
>> take control of all these accounts, changing the security questions and
>> secondary emails, so the true owner can't recover the accounts.
> The thought of 'tying' my email accounts together through "I forgot my
> password, send to my secondary email" has given me pause in the past.
> I don't think any of my email accounts are currently set up with
> another as a "secondary" email; password recovery is usually through
> other means (e.g. security questions).
> Thanks for sharing your thoughts about this.

 Security questions are fine, but, as an example, Gmail only allows you to
use that option after several days have passed since the last user
login. But sending the new pass to a secondary email account is always
ready. Also, if I am not wrong, at the time when you needed an
invitation to make a gmail account, if you invited yourself, the new
account had the secondary email account set by default...

  Now I created a "secret" account, and bound my emails to that one...
it is not in any of my address books, and there will never be a message
sent from that address... I hope that would be secure enough...

  I know this is a bit off-topic, but since gnupg is focused on privacy
and security... and this relates to multiple UIDs bound to the same key.

Best Regards