[Feature Request] PGP encrypt credentials email
I think this is the single biggest weak link in the PIA model.
The credentials are sent in cleartext in an email that could potentially be read by many: ISP, email provider, hackers and anyone with access to your account.
When I signed up I did so using an email address with a publicly available public PGP key (It's on the keyservers).
It would have been nice to be able to request the credentials were PGP encrypted before being sent.
I know not everyone uses PGP but everyone should, and for those of us who do, vital and confidential information such as this should ALWAYS be sent PGP encrypted over such an insecure protocol as email.
There is a clear example here of why this is a problem.
Discuss?

Comments