Re: [OT] web email acct compromised
On Wed, 28 Dec 2011 21:38:36 +0200, Andrei Popescu wrote:
> On Mi, 28 dec 11, 17:57:55, Camaleón wrote:
>>
>> If the user is logged in with that option set, keeps the session opened
>> and leaves the computer unattended, anyone can start using his account
>> for their own purposes (sending massively e-mails, changing the
>> password...). Having a completely encrypted session in the above
>> situation is useless because the user is already logged.
>
> Most services I know (I just checked on Gmail) don't allow changing the
> password unless you also provide the old password, even if you are
> already logged in.
You're right. I was not aware of it, that's good to know (an extra of
security mesaures does not hurt anyone):
Changing your password
http://support.google.com/mail/bin/answer.py?hl=en&answer=6567
Greetings,
--
Camaleón
Reply to: