by repelsteeltje 954 days ago
> Once a hacker gains access to a Facebook account, they can proceed to activate email encryption.

> This renders recovery emails sent to the user’s email address unreadable, as only the hacker has the encryption keys.

So: PGP-encrypted emails were rarely used, except to lock out the legit user after the account was compromised.


GitHub asks you to log in again to add SSH keys; this could've been similar.

They're just looking for excuses

A lot of account compromise is due to reused passwords so I'm not sure that's a complete solution.
Sending a PGP-encrypted email with a verification link to activate the feature should solve that.
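The activation flow suggested in the comment above, as an added example (not code from the thread or from Facebook): the user submits a key, nothing changes yet, and a one-time activation link is mailed to the existing recovery address inside a message encrypted to that key. Only whoever can decrypt mail to the submitted key can complete activation, so a session hijacker cannot flip the switch and lock the owner out of recovery mail. The `encrypt_to_key` and `send_email` hooks, the `example.invalid` URL and the `Account` model are assumptions made for the example; a real deployment would call GnuPG or an OpenPGP library in the encrypt hook.

```python
# Added example, not from the thread: gate "encrypt my notification emails"
# behind a one-time link that is itself delivered encrypted to the submitted key.
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

TOKEN_TTL_SECONDS = 15 * 60  # activation links expire after 15 minutes (chosen for the example)


@dataclass
class PendingActivation:
    token_hash: str    # sha256 of the one-time token; the raw token is never stored
    public_key: str    # armored key the user asked us to encrypt to
    expires_at: float


@dataclass
class Account:
    user_id: str
    recovery_email: str
    encrypt_notifications: bool = False
    notification_key: Optional[str] = None
    pending: Optional[PendingActivation] = None


def _hash(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def request_encryption(account: Account, public_key: str,
                       encrypt_to_key: Callable[[str, str], bytes],
                       send_email: Callable[[str, bytes], None],
                       now: Optional[float] = None) -> None:
    """Step 1: record a pending request and mail an encrypted activation link.
    The setting itself is NOT changed here, and the mail always goes to the
    recovery address already on file, not to any address the requester supplies."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits of entropy: not guessable
    account.pending = PendingActivation(_hash(token), public_key, now + TOKEN_TTL_SECONDS)
    body = f"Confirm encrypted notifications: https://example.invalid/activate?token={token}"
    send_email(account.recovery_email, encrypt_to_key(public_key, body))  # hypothetical hooks


def confirm_encryption(account: Account, token: str, now: Optional[float] = None) -> bool:
    """Step 2: the link is followed. Activate only for a matching, unexpired,
    unused token. Expired or consumed requests are cleared; a mismatch leaves the
    pending request in place (the token cannot be brute-forced) so a stray bad
    click cannot cancel the owner's own activation."""
    now = time.time() if now is None else now
    pending = account.pending
    if pending is None:
        return False
    if now > pending.expires_at:
        account.pending = None
        return False
    if not hmac.compare_digest(pending.token_hash, _hash(token)):
        return False
    account.pending = None                      # single use
    account.encrypt_notifications = True
    account.notification_key = pending.public_key
    return True


def demo() -> Dict[str, bool]:
    """Constructed walk-through with a stand-in for the encrypt step."""
    outbox = []

    def fake_encrypt(key: str, body: str) -> bytes:   # stand-in for gpg --encrypt
        return f"[encrypted to {key}] {body}".encode()

    def send(to: str, msg: bytes) -> None:
        outbox.append((to, msg))

    # Honest owner: can read the recovery mailbox, completes activation.
    owner = Account("u1", "owner@example.invalid")
    request_encryption(owner, "OWNER-KEY", fake_encrypt, send, now=1000.0)
    token = outbox[-1][1].decode().split("token=")[1]
    honest_ok = confirm_encryption(owner, token, now=1100.0)
    replay_blocked = not confirm_encryption(owner, token, now=1101.0)

    # Session hijacker: submits their own key but never sees the mailbox,
    # so the best they can do is guess; the account stays unchanged.
    victim = Account("u2", "victim@example.invalid")
    request_encryption(victim, "ATTACKER-KEY", fake_encrypt, send, now=2000.0)
    guess_blocked = not confirm_encryption(victim, "not-the-token", now=2001.0)
    mail_went_to_owner = outbox[-1][0] == "victim@example.invalid"

    # Stale link: a valid token presented after the TTL is rejected and cleared.
    late = Account("u3", "late@example.invalid")
    request_encryption(late, "LATE-KEY", fake_encrypt, send, now=3000.0)
    late_token = outbox[-1][1].decode().split("token=")[1]
    stale_blocked = not confirm_encryption(late, late_token, now=3000.0 + TOKEN_TTL_SECONDS + 1)

    return {
        "honest": honest_ok and owner.encrypt_notifications,
        "replay_blocked": replay_blocked,
        "guess_blocked": guess_blocked and not victim.encrypt_notifications,
        "mail_went_to_owner": mail_went_to_owner,
        "stale_blocked": stale_blocked and late.pending is None,
    }
```

The design choice worth noting is that the feature toggles only inside `confirm_encryption`, never at request time, and the mail is addressed from the account's stored recovery address rather than any input from the requester; an attacker holding the session therefore gains nothing from submitting a key they control.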
What are the disadvantages of only signing (and not encrypting the message body of) account reset emails?
The point is that much more sensitive things exist online, and it's a solved problem.
What use case for FB relies on this feature?
Almost sounds like a feature. :-)