On Mi, 28 dec 11, 17:57:55, Camaleón wrote: > > If the user is logged in with that option set, keeps the session opened > and leaves the computer unattended, anyone can start using his account > for their own purposes (sending massively e-mails, changing the > password...). Having a completely encrypted session in the above > situation is useless because the user is already logged.
Most services I know (I just checked on Gmail) don't allow changing the password unless you also provide the old password, even if you are already logged in. Kind regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
signature.asc
Description: Digital signature
