Multiple uid's vs. multiple primary keys & "master signing keys"
David Koppenhofer
david at coffeefish.org
Wed Jun 25 14:20:15 CEST 2008
On Wed, Jun 25, 2008 at 5:45 AM, Faramir <faramir.cl at gmail.com> wrote:
> David Koppenhofer escribió:
>> I don't think any of my email accounts are currently set up with
>> another as a "secondary" email; password recovery is usually through
>> other means (e.g. security questions).
>
> Security questions are fine, but, as an example, gmail only allow to
> use that option after several days have passed since the last user
> login. But sending the new pass to a secondary email account is always
> ready. Also, if I am not wrong, at the time when you needed an
> invitation to make a gmail account, if you invited yourself, the new
> account had the secondary email account set by default...
>
> Now I created a "secret" account, and bound my emails to that one...
> it is not in any of my address books, and there will never be a message
> sent from that address... I hope that would be secure enough...
>
> I know this is a bit off-topic, but since gnupg is focused on privacy
> and security... and this relates to multiple UIDs bound to the same key.
I checked several of my email accounts, and a few do use a secondary
email address (like gmail). There are also all my non-email web
accounts that are associated with an email address, but I'm not quite
as concerned about those since those wouldn't show up in UIDs. (though
they are vulnerable if my email account is cracked)
It just goes to show that you need to pick a good pass[word|phrase],
especially for your main email account, and hope that the
administrator had made it resistant to cracking attempts.
Sorry if this drifted too far OT for the list...
David
More information about the Gnupg-users
mailing list