Email insecurity (was One of the great benefits of Open Source)
Email insecurity (was One of the great benefits of Open Source)
Posted Nov 6, 2025 14:38 UTC (Thu) by dskoll (subscriber, #1630)In reply to: Email insecurity (was One of the great benefits of Open Source) by taladar
Parent article: Debian to require Rust as of May 2026
I actually hate having to log in to some system or even visit a web site just to read a message that could have been sent by email. The absolute worst are the ones that send you an email just to tell you that you have a message you need to read. Just send me the damn message in the first place!!
I don't want phone or desktop notifications for most things. Those are far more intrusive than emails because they generally make a noise or pop something up that demands attention. A unexpected withdrawal from my account? Yes, interrupt me. A notification that my statement is ready? No, do not interrupt me! If I get too many notifications, I'll block them which will defeat the purpose of important notifications getting through.
I agree that relying on email for account recovery is not all that secure. But until everyone has a Yubikey that they never lose (plus a spare!) and uses it religiously, we're kind of stuck with best-effort mechanisms.
Posted Nov 6, 2025 15:14 UTC (Thu)
by geert (subscriber, #98403)
[Link] (1 responses)
Posted Nov 6, 2025 18:59 UTC (Thu)
by rschroev (subscriber, #4164)
[Link]
Email insecurity (was One of the great benefits of Open Source)
After logging in securily, you can download the message, which is a PDF file containing a nice formal letter on government letterhead telling you you have a new document at another government site.
After logging in on the second site, you can finally enjoy the real document, which turns out not to be that urgent and important anyway...
Email insecurity (was One of the great benefits of Open Source)