View Single Post
Old 19 Jun 2016, 06:43 PM   #10
zimmermanfan
Essential Contributor
 
Join Date: Aug 2010
Posts: 200
Mailfence requires an e-mail address for registration. This is flawed for several reasons.

* Creates chicken-egg problem. It's wrong to presume the user has e-mail service already. If the user does not already have an e-mail account, Mailfence blocks them from creating one. If they had one already, they might not need a Maifence account in the first place.

* If the user already has an e-mail account, then linking the two accounts defeats the purpose of having two accounts. It's bad identity management. Either way it's broken.

* I'll be the judge of whether I need a password recovery mechanism. It's less secure to supply an e-mail address for password recovery because if the other e-mail account is compromised, the adversary can attack the mailfence account by simply requesting a password reset.

* Even if an adversary has not compromised the password recovery account, sending tokens in the clear via e-mail is also prone to attack.

It's essential that disclosing a password recovery e-mail address be optional (or non-existent). Since this is a mandate, I'm out. I will not be registering on mailfence or advocating it to others until this is fixed.
zimmermanfan is offline   Reply With Quote