|
|
|
|
|
|
by AnIrishDuck
4821 days ago
|
|
|
> how the act of entering an e-mail address is secure (other people may have access to my computer and know my e-mail address) Assuming you're saying other people have access to your email account already, it's game over: practically every site will send password reset procedures on demand to the email you used to create your account. Alternatively, if you're saying other people know your email address, that's not really relevant. They need to either be able to read email on your account (see above), or be able to implement an Identity Provider on your email domain. If an unauthorized party is able to implement an IdP on your email domain you have an even worse problem: your email provider apparently is unable to control basic aspects of their own domain. to actually implement an IdP, your email provider must publish a https://domain.com/.well-known/browserid file. If a rogue third party can do this at will, I'd say your email provider has horrible security and your security assumptions are probably broken anyway. |
|
|