1) The app downloads your emails into their server.
2) Yes, they store that actual password. Which is ridiculous.
3) Yes, good for them for that, but still there are others where they store passwords. And that is not acceptable.
4) But that also means that they outsource the security part of things. Which doesn't lend faith to the idea that they know about security. And if someone realises how to control their application, all the passwords will be hacked.
5) Pidgin is stored locally. There's a difference. Not that I support it, but it's still better than someone storing my passwords.
> The app downloads your emails into their server.
They need to do that to back up the emails. The product may not be something you are interested in, but it doesn't mean the execution is flawed.
> Yes, they store that actual password. Which is ridiculous.
They have to in order to retrieve the emails. Blame the standards!
> Yes, good for them for that, but still there are others where they store passwords. And that is not acceptable.
See above
> But that also means that they outsource the security part of things.
> Which doesn't lend faith to the idea that they know about security.
> And if someone realises how to control their application, all the passwords will be hacked.
This isn't something with a black and white answer and I respect your opinion on this. I personally feel that they may know plenty about security and have decided that this is the most secure option. For example, I wouldn't write my own crypto, because I know enough about security to know how hard it is to do right.
they can't, unless the email service gives them oauth.
and even then allowing a 3rd party to backup your emails is a very dangerous thing to do. they say that credit card is more dangerous, i say no. for credit cards you can claim fraud.
when your email gets hacked, potentially your whole digital life is gone
Then what you need to write is, "I think that unproven email backup services are a bad idea", not, "these guys are idiots because they store a retrievable copy of your email credentials" which is necessary for the service that they are providing.
what they could have done is to allow users to autoforward their emails over to their servers or something. not impossible, but i'm not their employee and i'm not responsible for thinking up business strategies for them.
You can only archive incoming e-mails via autoforward, not drafts and not outgoing email (unless you use their mailservers, which is something completely different). If I want archiving for my e-mails, I have to give up my account credentials. You could actually do sufficient mischief with the archived e-mails, you don't need the account credentials in the first place. That sucks, but it's not their fault, this kind of service is inherently insecure.
Now, if you can demonstrate that this particular company has a particularly unsafe way of storing the passwords or the retrieved e-mails, then you're getting closer to having a valid point.
So what you're saying is that they should limit their market to those users that can successfully set up email forwarding, solely because storing passwords is bad.
Part of the service they're offering is that they'll restore the contents of your mailbox in case of accidental or malicious deletion. I have
and by storing the passwords, they are putting their users at risk. and we are in an era where email security means more than anything. it means access to all your services.
they should go think about how they can design a service securely before offering it.
in fact, seeing how your account was created to post that comment and seeing how it doesn't make sense, i would suspect that you actually work for them.
Everything he said makes perfect sense and I agree with it. A brief look at my HN profile should tell you I don't work for them. (Never heard of them before in fact.)
I think that you are practicing cargo cult security -- you're doing a cargo dance here over password storage mechanisms in a case where it doesn't apply.
This article is nonsense. The author isn't saying anything substantive about the "security" of this particular company. It should go without saying that email backup services will currently, in most cases, need to store your email login information in a retrievable way.
A slightly better post might have been,
"Beware unproven email backup services. Don't forget that if they make a mistake, potentially all of your email messages can be exposed to someone else. Since you probably have account credentials for other services stored in your email box, that situation can get ugly really fast."
I do believe that all this kurfuffle originates from a 'false package deal' composed by: factual data (we store passwords), your assumptions about our incompetence (we're bound to lose them), and your subjective valuation of risk vs. convenience. You should not feel bad about other people breaking down the argument in the different topics. I am a Dropmyemail employee who works hands on with the security of the site, although I'm replying on my personal capacity. We don't practice security through obscurity so we can discuss the technicalities of our security measures here. I would appreciate not being treated as an incompetent goon though, to keep things friendlier. I see on this thread you accuse someone of being sent by the company I work for to discredit you personally: They did not, furthermore, I personally see your article as a valuable service, you will see in our site that we try to be as transparent as possible, and there's nothing that I could want more than for people to actually know and understand what Dropmyemail is about. Thanks for your article.
If this refers to me, I was not attempting to discredit anyone.
I wanted to ensure people didn't think this was another "they store passwords in plain text because they don't know what a hash function is" stories we see every few days.
If you are interested in password security, why not write an article about Tesco?
Indeed, no system is fully secure, and we don't try to hide that fact, that's one of the reasons Dropmyemail exists in the first place. We offer people an off-site backup at the cost of trusting a third party with their password. This is a risk assessment discussion, and I believe although good for raising awareness about what dropmyemail offers, the original articles fails to make a distinction between the objective information it provides and what are your personal valuations on the risk involved (for example, it assumes one of the worst possible scenarios regarding our competence). Things get a bit confusing when non security related topics like storage capacity are mixed in though. I believe you are trying to help people to be safe and choose the better tool to solve their problem, I do think you are underestimating them a bit, but in case I'm wrong I repeat how valuable your article is in raising this issues.
And again, I am not doubting your competence. What I am saying is that we are all humans. Google might have hired the best computer scientists around the world but they still got hacked. It might even be a problem with the programming language you are using (rmb mass assignment on ROR?)
"We offer people an off-site backup at the cost of trusting a third party with their password."
Yes, this is my main point. People have to learn that they shouldn't be giving out passwords to just about anybody.
I fail to see the point made by that commenter that has not been made yet in this thread, other than the funny accusation of malice. We don't store plaintext passwords, and we are very aware of mass assignment bugs. (being suspected of such naive practices is why I mentioned the incompetence thing earlier). If security is a chain, then we strive not to be the weakest link. People have to learn what's the risk involved in giving out their password, how to evaluate who they give it to, and then make their own choice regarding whether they want to give it away or not. I get my hopes high when I read that you wouldn't mind people giving their password to a company that is better than 'just about anybody'. Convincing people that we are trustworthy was a big initial challenge for us, and still is as we reach out to more and more users.
yea, you are now aware of the mass assignment bugs, but what about previously? even github got affected by it. are you saying that they are incompetent? what about bugs that have yet to be revealed?
what i am saying is that there may be some things that you forget about, because we are all humans. and in order to mitigate the risk from us being humans, we should not store passwords in a way that is easily recovered.
Have you stopped beating your wife?
Are you now aware of the mass assignment bugs?
Aside from the fallacy, it is a false argument to pose all risk as bad. Given what is presumed to be your idea of acceptable risk, I would expect you to surf the net behind7proxies: http://knowyourmeme.com/memes/good-luck-im-behind-7-proxies
You're repeating yourself now, do remember that all systems are built by humans, and as far as encryption goes do remember that unless your email is encrypted on the server using a password requested from you in order to encrypt and decrypt it every time you read it, then you are not safe. We are professionals offering a professional service. And FYI, Rails developers have been aware of mass assignment bugs a long time before github got bitten.
Don't just read some web article talking about "always hash passwords" and repeat it as mantra. This is good practice for 90% of the time but there are definite use cases where having reversible encryption of passwords is necessary.
- The app checks your email on your behalf.
- You need the actual password to log into an IMAP server (android also stores your email passwords in clear text if you aren't using gmail http://code.google.com/p/android/issues/detail?id=10809).
- They clearly state this in their response, which the article completely ignores. They try to use OAuth where possible.
- They store the passwords encrypted via S3. Personally, I'd prefer that to MySQL on a VPS somewhere.
- See also: https://developer.pidgin.im/wiki/PlainTextPasswords