
No, but it does mean that anyone who's able to view your traffic or your mailbox content could've seen the password (anyone controlling any router or a mail relay between you and them, or your mail service provider, or even someone with tcpdump on your LAN segment).

If your threat model includes hostile mail relays, you probably shouldn't be using bargain basement VPS providers.

Password-reset emails are also easy for an attacker to generate, and no harder for them to intercept than the welcome email.

Right, that's what GP said in the comment you replied to: that he probably should not use that VPS provider.

And yes, password-reset emails may also be a concern (not as severe, though, if reset emails are single-use and have a short TTL).

But you at least know your account has been compromised.
