On Thu, May 2, 2019 at 9:43 AM Grant Taylor via mailop <mailop@mailop.org> wrote:
> On 5/2/19 9:55 AM, Rich Kulawiec via mailop wrote: > > In addition: thanks to password re-use practices, which are epidemic, > > "giving provider $X a password so that they can POP email from provider > > $Y" is semantically equivalent to "giving provider $X passwords to > > some/most/all other accounts of other descriptions". Even if we > > presume the most scrupulous behavior by $X and its personnel -- and > > history shows that is often naive and dangerous -- it still increases > > the exposure/risk of the password in question. > > To me, provider $X trying $Y's credentials on on provider $Z is > tantamount to credential stuffing and constitutes hacking in my opinion. > > I may have naively given provider $X permission to access my account on > provider $Y. But that permission decidedly does NOT extend to /any/ > other provider. Period. End of story. > His point was that they are equivalent, regardless of what you want them to do with it. Being able to maybe sue them over some sort of breach of contract or computer fraud, sure, I guess, but doesn't change what's possible. And if they lose the password or get hacked, what permission of yours is involved? Brandon
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
