Another thing that people maybe haven't thought of, and it's actually a wider issue than just email password compromises.
A lot of people just don't care that much about their password security. The thinking is "what's someone going to do if they can log into my email account and read my emails?" They don't think of the other potential consequences of having their password information leaked out. They don't consider the abuse that could happen when malicious users obtain this information. They see a password simply as a requirement to access their not-so-government-secret correspondence. So they choose a simple and easy to remember password. On Wed, Nov 17, 2021 at 2:17 PM Slavko via mailop <mailop@mailop.org> wrote: > Hi, > > Dňa Wed, 17 Nov 2021 13:31:50 -0600 Scott Mutter via mailop > <mailop@mailop.org> napísal: > > > Unless you are sending an encrypted password to your mail server (in > > which case, the compromiser still has the necessary to log into your > > email account) then this has to be decrypted some how by the email > > application. Again, if you're not entering anything to decrypt this > > then that means the necessary information to decrypt the encrypted > > stored password is on the system in some manner. > > I agree in principle, but it becomes real problem if that software is > used by 60 % of Internet users (hi Chrome), if it is used by 0,00x % > users, it must be really targeted attack, otherwise its success will be > very very low. > > Question remains, how valuable will be success targeted attack against > **regular** users -- IMO more theoretical than real (and some people > still consider me as paranoid ;-) ). > > regards > > -- > Slavko > https://www.slavino.sk > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop >
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
