Multiple uid's vs. multiple primary keys & "master signing keys"
Faramir
faramir.cl at gmail.com
Wed Jun 25 11:45:57 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
David Koppenhofer escribió:
> On Mon, Jun 23, 2008 at 11:30 PM, Faramir <faramir.cl at gmail.com> wrote:
>> I heard, a couple of weeks ago, about somebody who lost all her email
>> accounts because her primary email address was hacked. The hacker knew
>> the other email addresses, used the option "I forgot my password, send
>> it to my secondary email", and all the other email accounts sent their
>> passwords to the email that was compromised... allowing the hacker to
>> take control of all these accounts, changing the security questions and
>> secondary emails, so the true owner can't recover the accounts.
>
> The thought of 'tying' my email accounts together through "I forgot my
> password, send to my secondary email" has given me pause in the past.
>
> I don't think any of my email accounts are currently set up with
> another as a "secondary" email; password recovery is usually through
> other means (e.g. security questions).
>
> Thanks for sharing your thoughts about this.
Security questions are fine, but, as an example, gmail only allow to
use that option after several days have passed since the last user
login. But sending the new pass to a secondary email account is always
ready. Also, if I am not wrong, at the time when you needed an
invitation to make a gmail account, if you invited yourself, the new
account had the secondary email account set by default...
Now I created a "secret" account, and bound my emails to that one...
it is not in any of my address books, and there will never be a message
sent from that address... I hope that would be secure enough...
I know this is a bit off-topic, but since gnupg is focused on privacy
and security... and this relates to multiple UIDs bound to the same key.
Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBCAAGBQJIYhPVAAoJEMV4f6PvczxADaUIAKSDg52YQnUHPEAr1qvt7Ml3
urSn9tAIE4EvdQ8Xsn5/ZzwcV4HYENhP5XqakQwYBIDwuXBM4lS6bIyC/FF7fJGC
GkMIedn/c6HaYBLu/yNmYwQFwFuurQzCx8sp5VUxY7g/tB+pv93wcY7T/yrck6iP
7GOXV9RbyE93R+US/aCNynjxFg+enCUxhz+NWvnC2mR9t1P1lZnnTKE66ZoKmhHo
4cGSuLYalvXDJCbP2Q4MGdbAeSWF1CfYGTw/RwEn4e0PczKCiLCd7EaNNUcfRg3a
dPqS8aYqdTVHWY1fLIjp/3CkF7pl4ZO64no2+lxg6GLlpMqEzP/bk09B5s4FJBY=
=/eYI
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list