[BNM] Emailing 'sensitive' data...
Chris Adams
chris at pynto.com
Fri Jun 5 10:08:48 BST 2009
Thanks Sam & Max too - interesting options... interested in the
one-time-key thing if anyone has any further thoughts on that?
Sam Michel wrote:
> Hi Chris,
>
> I'm never a fan of sending username/password data over email. If you
> have to, then sending them separately would be better. Email is
> fundamentally insecure. Even if users are connecting to their POP or
> IMAP servers using a secure connection, there's no encryption in the
> SMTP protocol used to send email between servers.
>
> Also email may be routed through several servers before it reaches the
> point where a user can pick it up. You're relying on the fact that each
> server in that chain is secure. In an ideal world, I'd avoid sending
> password information but have the user come back to the site with a
> one-time key that allows them to reset their password.
>
> There are some design patterns knocking about which describe a bunch of
> methods for this process. I'm sure someone on the list can point you in
> their direction.
>
> Hope that helps.
>
> Toodle Pip
>
> Sam
> ---------------------------------------------------------------
> Sam Michel, CEO - e: sam at chinwag.com
> t: +44 (0)20 7183 2923 f: +44 (0)870 730 7312
> Chinwag - http://www.chinwag.com
> Twitter - http://twitter.com/toodlepip
> ---------------------------------------------------------------
> - *New* Chinwag Jobs on Twitter - http://twitter.com/chinwagjobs
> - Sam @ Chinwag: http://blogs.chinwag.com/sammichel
> - Sam @ Toodlepip: http://www.toodlepip.co.uk
> --------------------------------------------------------------
>
>
> -----Original Message-----
> From: bnmlist-bounces at brightonnewmedia.org
> [mailto:bnmlist-bounces at brightonnewmedia.org] On Behalf Of Chris Adams
> Sent: 05 June 2009 09:56
> To: Brighton New Media
> Subject: [BNM] Emailing 'sensitive' data...
>
> Hello all bnmers!
> I have a query about sending sensitive data & general feedback would be
> very much appreciated...
> For most of our clients we tend to email out username & password details
> for email accounts, ftp etc - is this acceptable? How likely is it that
> this could be intercepted and then maliciously used? Anyone got any
> better, more secure ways of doing this?
> Enjoy your Friday.... let's hope we have another lovely weekend of
> sunshine ;]
> Cheers,
> Chris
>
>
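The one-time key approach raised in this thread, sketched as an added example that is not part of any poster's message: the site emails a link containing a random key instead of a password, stores only a hash of it, and accepts it once within a time window. `ResetTokenStore`, the 30-minute window and the in-memory dict are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 30 * 60  # assumption: 30-minute validity window

class ResetTokenStore:
    """In-memory stand-in for a database table of pending resets (hypothetical)."""

    def __init__(self, clock=time.time):
        self._pending = {}  # user_id -> (sha256 hex of key, expiry timestamp)
        self._clock = clock

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Create a key to email as a link; a new key replaces any older one."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Only the hash is stored, so a leaked table yields no usable keys.
        self._pending[user_id] = (self._digest(token), self._clock() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, user_id, token):
        """Return True once for a valid, unexpired key; False otherwise."""
        record = self._pending.get(user_id)
        if record is None:
            return False
        stored_digest, expires_at = record
        if self._clock() > expires_at:
            del self._pending[user_id]  # expired keys are purged
            return False
        if not hmac.compare_digest(stored_digest, self._digest(token)):
            return False
        del self._pending[user_id]  # single use: consume on success
        return True

def demo():
    now = [1_000_000.0]  # constructed clock so expiry can be shown offline
    store = ResetTokenStore(clock=lambda: now[0])
    key = store.issue("chris")
    first = store.redeem("chris", key)   # valid key accepted
    replay = store.redeem("chris", key)  # same key again is rejected
    stale = store.issue("chris")
    now[0] += TOKEN_TTL_SECONDS + 1
    expired = store.redeem("chris", stale)  # past the window
    return first, replay, expired
```

A key intercepted in transit is only useful until the user redeems it or the window closes, unlike an emailed password, which stays valid until someone changes it.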