On Thu, Jul 03, 2008 at 01:50:44PM +0100, Alan Burlison wrote:
> Ceri Davies wrote:
>
>>>> Well, you could reset them to random value X, mail out X, then require
>>>> that they are changed immediately. Not saying that's any more secure,
>>>> just that it is possible.
>>> It's far less secure.
>>
>> Than having questions, yes. Than just mailing a password, I doubt it.
>
> We can't make any assumptions about the security of either the mail
> transport, or the security of the mail destination - neither of which we
> control. The strength of any security system generally degrades to be that
> of the weakest component in the system. We won't be mailing plaintext
> passwords, it is way too insecure.

Quite. I'm not even arguing that.
Ceri
--
That must be wonderful! I don't understand it at all.
-- Moliere
_______________________________________________ website-discuss mailing list [email protected]
