In article <caknnfz_apy8khbxj0umgoq6ufcd640jtxe9a+2tqu-d761-...@mail.gmail.com> you write: >Haha I cringe when I do a password recovery at a site and they either email >the current pw to me in plain text or just as bad reset it then email it in >plain text. Its really sad that stuff this bad is still so common.
If they do a reset, what difference does it make whether they send the password in plain text or as a one-time link? Either way, if a bad guy can read the mail, he can steal the account. Given the enormous scale of Gmail, I think they do a reasonable job of account security. If you want to make your account secure with an external account or an external token (a physical one like a yubikey or a software one like the authenticator app), you can. Or if you consider your account to be low value, you can treat it that way, too. R's, John
