
Ask HN: Is it OK to reset password over email without TLS? - MarkMc
Many websites store sensitive user data but are willing to send a password reset code to an email address without TLS encryption.

Isn't that a security risk? Is this OK because websites consider it to be the user's responsibility to use an email service that supports TLS encryption?
======
BuuQu9hu
Yes it is a security risk. Seems unlikely that any email sending scenario can
detect TLS on the recipient server, especially since there could be forwarders
in between.

Ultimately, we need to get rid of passwords and password resets.

~~~
MarkMc
Hmm... If I send an email to paul@foobar.com using TLS, doesn't that protect
the message between my email server and the foobar.com email server?

~~~
BuuQu9hu
Active MITM of the TLS connection is a problem and has happened on the scale
of entire countries IIRC, so I hope you are doing "proper" verification,
whatever that might mean for your two servers.

TLS without active MITM protects the connection, but only between your email
server and foobar.com. If someone@example.com is a forwarder to foo@bar.com
and there is no TLS on that connection, then there is an issue. Same for
unencrypted IMAP/POP3 connections from the laptop/phone endpoint to the final
mail resting point.

Of course, all the sysadmins on the chain have access to the data too. This is
where OpenPGP or SMIME come in.
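The two defender-side points raised in this thread (the sending hop should actually verify the receiving server's certificate rather than accept any STARTTLS peer, and the reset code itself should be worth as little as possible to anyone who reads the mail on an unencrypted hop or forwarder) can both be implemented on the website's side. The following is an added example written for this page, not code from any commenter or from a real project; the token store, its TTL, the user ids and the `verified_smtp_context` helper are all constructed for illustration, and the store is an in-memory stand-in for a database.

```python
import hashlib
import hmac
import secrets
import ssl
import time

# Constructed parameters: a short lifetime bounds the window in which an
# intercepted reset link stays usable; 32 random bytes make guessing infeasible.
TOKEN_TTL_SECONDS = 15 * 60
TOKEN_BYTES = 32


def verified_smtp_context(ca_file=None):
    """TLS context to pass to smtplib.SMTP.starttls(context=...) on the first hop.

    create_default_context() already enables hostname checking and requires a
    trusted certificate; the assignments below restate that explicitly so a reader
    can see what 'proper verification' of the receiving MTA means here. Note that
    this only covers the hop from this sender to the recipient's MX; forwarders
    and the recipient's IMAP/POP3 hop are outside the sender's control.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_verifies_peer(ctx):
    """True when the context will reject unverifiable or mismatched certificates."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


class ResetTokenStore:
    """Server-side record of outstanding password reset tokens.

    Design choices that limit the damage of an emailed token being read in transit:
    - the token is opaque and random, carrying no user information;
    - only a hash is stored, so a database read does not yield live tokens;
    - it expires quickly, is single use, and issuing a new one supersedes the old.
    """

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable for deterministic testing
        self._records = {}           # user_id -> (sha256(token), expires_at)

    def issue(self, user_id):
        token = secrets.token_urlsafe(TOKEN_BYTES)
        token_hash = hashlib.sha256(token.encode()).digest()
        # Overwriting any previous record invalidates earlier tokens for this user.
        self._records[user_id] = (token_hash, self._clock() + TOKEN_TTL_SECONDS)
        return token  # this is what goes into the email; never store it in the clear

    def redeem(self, user_id, token):
        rec = self._records.get(user_id)
        if rec is None:
            return False
        token_hash, expires_at = rec
        if self._clock() > expires_at:
            del self._records[user_id]   # expired tokens are dropped, not kept around
            return False
        candidate = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(candidate, token_hash):
            return False                 # constant-time compare; record stays for the real owner
        del self._records[user_id]       # single use: a replayed link no longer works
        return True


if __name__ == "__main__":
    store = ResetTokenStore()
    link_token = store.issue("alice")
    print("redeem once:", store.redeem("alice", link_token))    # True
    print("replay:", store.redeem("alice", link_token))         # False
    print("strict TLS:", context_verifies_peer(verified_smtp_context()))
```

None of this removes the exposure the thread describes (a plaintext hop still reveals the link to whoever sits on it), but it turns an intercepted email into something that works once, soon expires, and is useless after the legitimate user has acted.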

