Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

When I'm on an untrusted computer, e.g. in an internet cafe, I typically try to avoid logging into webmail. E.g. I'll first put files I want to print into Dropbox and then log into that instead, (the consequences of an attacker getting access to my Dropbox are less grave than an attacker accessing my email account). This extra precaution is not possible with this NoPassword scheme.


That's my exact thought. An idea solution is to check your mail on your phone, open a link that is essentially a second layer of authentication where you can login by clicking on the link in your mobile device, then refresh the page on the desktop and you'll be logged in.

I still see this cluttering up my inbox, they would need to be deleted right away...for me it's just easier to type in a password.


The consequences of an attacker getting access to my Dropbox are less grave than an attacker accessing my email account.

Can you be specific as to why? If you use Dropbox for personal information, I'd assume it would be similar.


Once someone has access to your e-mail, they can reset your password and log into anything that you used that e-mail to sign up for. With Dropbox, all they'd have access to is whatever files you happen to have in your Dropbox at the time.


1 reason would be that you can reset your dropbox password with your email, but you can't get your email password from dropbox (unless you store something silly like passwords.txt in dropbox)


Email is basically master key for all accounts.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: