On Tue, 26 May 2015 19:11:51 +0300, Saku Ytti said: > > OTOH, recovery by receiving a token at a previously registered alternate > > email address > > seems relatively secure to me and I wouldn???t want to opt out of that. > > It's probably machine sent in seconds or minute after request, so doing > short-lived BGP hijack of MX might be reasonably easy way to get the email.
To be fair, if your e-mail address is high enough value that somebody is willing to risk getting caught doing a BGP hijack, maybe you have bigger problems to worry about.
pgpbC5pK9cIWR.pgp
Description: PGP signature