How risky is using e-mail to manage passwords?

No doubt there are better and more secure ways to manage passwords, but I'd like to make an informed decision to determine if this is just too risky.

Briefly then, when I receive a "welcome new user" message, I forward that message to myself and include the password. I know, I know, this is basically an electronic version of post-it notes but I have a couple of good reasons for using it. I need your help to see if they are good enough or if they are even valid.

So, the main reasons I think this may be "ok" are:

  1. The messages are stored only on my local machine. After receiving them, I make sure that all copies are removed from the server.

  2. The (corporate) e-mail system I use is encrypted and "safe"

  3. To gain access to the passwords, a hacker would need to be granted access to my machine which is less likely as it is on a corporate network.

  4. If a hacker did happen to gain access, he would not likely think to look in archived e-mail messages stored on the local machine

So, am I just asking to have all of my passwords compromised? Is there any way to quantify this risk?

password-management






asked 5 hours ago
Michael J


  • What do you mean "your email system is encrypted and safe"? Also, why wouldn't an attacker think of looking at your emails or archives? That's pretty interesting stuff, as an attacker I would definitely look there. Also, you remove copies from the server, but you can't make sure they are also removed from backups, disks, snapshots, caches, etc. I wouldn't like my passwords to be sent by email.
    – reed
    5 hours ago

  • I think the better question is, why would you use this method, when "real" password managers are: 1) more convenient 2) more user-friendly/easier to use 3) more secure 4) more portable 5) less likely to suffer data loss 6) actually designed for the purpose? You're jumping through hoops to avoid using something that will make your life both easier and more secure.
    – Ben
    4 hours ago

2 Answers
> 1. ... I make sure that all copies are removed from the server.

No, you don't. Copies may exist in backups, swapfiles, wear-leveled Flash memory, and elsewhere.

> 1. If a hacker did happen to gain access, he would not likely think to look ...

Now he would.

Just use one of the well-reviewed password manager programs. Re-inventing the square wheel is a poor use of your time.

answered 4 hours ago
mlp

> The messages are stored only on my local machine. After receiving them, I make sure that all copies are removed from the server.

Unless GPG/PGP or SSL/TLS is used between email servers. E.g. an email from Outlook being sent to Gmail. Then this would be a huge risk point. However, without E2EE (end-to-end encryption), server A and server B can still read the emails, as SSL/TLS will only provide endpoint security between the two servers, and not at rest.

> The (corporate) e-mail system I use is encrypted and "safe"

This would be fine, except for the wording 'corporate'. As I cannot see how E2EE is handled, I cannot place any trust in ciphers. This has another problem though: does corporate email (server A) encrypt the email so only you can access the email? This means once the email is encrypted, server A and server B (where the email will be received from server A) cannot read the plaintext email contents. The only one capable of decrypting the ciphertext is you, and not any server.

This would be an implementation of PGP.

> To gain access to the passwords, a hacker would need to be granted access to my machine which is less likely as it is on a corporate network.

Given that no plaintext or decryptable copies (within a reasonable timeframe) are kept on any servers, this sounds good. However, you must now ensure the emails stored locally can only be accessed by you, and if your machine is compromised, how will you play interference? Encrypting your local email contents could be a viable option here. Mozilla Thunderbird offers 'profile encryption'. However, this only allows Encrypting File System (EFS), which is its only limitation. EFS will need to be your choice. Personally, I would opt for either an encrypted virtual machine (full-disk encryption) or another user where I would encrypt the user's home directory.

I can foresee another problem, though: because Thunderbird does not know the message body contains a sensitive password, it may store contents within the cache, swap memory or make temporary files stored within secondary storage (e.g. HDD). Note: this point is mere conjecture and should be acknowledged for all programs.

> If a hacker did happen to gain access, he would not likely think to look in archived e-mail messages stored on the local machine

While this could be unlikely, I would not want to risk my security on 'hope', especially the idea of 'I hope they will not think of this'.

> Is there any way to quantify this risk?

I can break this down into several other points:

• Is full-disk encryption used?

  • or is user directory encryption used?

• How easily can the email profile contents be accessed locally?

  • is profile encryption used?

• How protected are you against spyware?

• What safeguards do you have against physical access, e.g. Evil Maid Attack?

These are only a few points; more can be added, but these would be major attack vectors to consider. If you are considering an alternative, but want an open source solution, consider KeePassX. If used correctly, it can also be used as a cloud-based password manager.

For further reading: "Is sending password to user email secure?"
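The answer's point that SSL/TLS only covers the link between two servers, shown as an added example that is not part of the original answer: it reads a message's `Received:` headers, marks which hops report TLS, and lists every server that accepted a readable copy regardless of TLS. The sample message, the host names and the `parse_hops` / `summarize` helpers are constructed for illustration.

```python
import email
import re

# Constructed sample: a "welcome" mail relayed over three hops (reserved example domains).
SAMPLE = """\
Received: from mx.corp.example.net (mx.corp.example.net [192.0.2.10])
\tby mailstore.corp.example.net (Postfix) with ESMTP id 4F2A1
\tfor <user@corp.example.net>; Mon, 10 Sep 2018 10:00:03 +0000
Received: from out.service.example.com (out.service.example.com [198.51.100.7])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\tby mx.corp.example.net (Postfix) with ESMTPS id 9C1B2
\tfor <user@corp.example.net>; Mon, 10 Sep 2018 10:00:02 +0000
Received: from app01.service.example.com (app01.service.example.com [198.51.100.20])
\tby out.service.example.com (Postfix) with ESMTPSA id 77D0E;
\tMon, 10 Sep 2018 10:00:01 +0000
From: signup@service.example.com
To: user@corp.example.net
Subject: Welcome new user

Your temporary password is: (constructed placeholder)
"""

# "with" protocol keywords that mean the hop used STARTTLS (RFC 3848).
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
# Free-text TLS annotation some MTAs add in a comment, e.g. "(using TLSv1.2 ...)".
TLS_NOTE = re.compile(r"\b(?:TLS|SSL)v?\d", re.IGNORECASE)


def _strip_comments(value):
    """Remove (possibly nested) parenthesised comments from a header value."""
    previous = None
    while previous != value:
        previous = value
        value = re.sub(r"\([^()]*\)", " ", value)
    return value


def _field(keyword, text):
    """Return the token that follows 'from', 'by' or 'with', if present."""
    match = re.search(r"\b%s\s+(\S+)" % keyword, text, re.IGNORECASE)
    return match.group(1).rstrip(";") if match else None


def parse_hops(raw_message):
    """Return the relay hops in chronological order (oldest first)."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each server prepends its own header, so the list is newest-first.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())      # undo header folding
        bare = _strip_comments(flat)        # comments may contain "with"
        proto = _field("with", bare) or ""
        hops.append({
            "from": _field("from", bare),
            "by": _field("by", bare),
            "with": proto,
            "tls": proto.upper() in TLS_KEYWORDS or bool(TLS_NOTE.search(flat)),
        })
    return hops


def summarize(hops):
    """TLS is a per-hop property; storage on each receiving host is not covered."""
    return {
        # Hops where neither the protocol keyword nor a comment reports TLS.
        "cleartext_hops": [(h["from"], h["by"]) for h in hops if not h["tls"]],
        # Every accepting server handled the decrypted message, TLS or not.
        "hosts_with_readable_copy": [h["by"] for h in hops],
    }


if __name__ == "__main__":
    hops = parse_hops(SAMPLE)
    for h in hops:
        state = "TLS" if h["tls"] else "no TLS reported"
        print("%s -> %s via %s (%s)" % (h["from"], h["by"], h["with"], state))
    print(summarize(hops))
    # Caveat: Received headers are self-reported. Only the ones written by
    # servers you control are trustworthy; earlier ones can be forged.
```
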






              share|improve this answer
























                up vote
                1
                down vote














                The messages are stored only on my local machine. After receiving them, I make sure that all copies are removed from the server.




                Unless GPG/PGP or SSL/TLS is used between email servers. E.g. an email from Outlook being sent to Gmail. Then this would be a huge risk point. However, without E2EE (end-to-end encryption) server A and server B, can still read the emails, as SSL/TLS will only provide endpoint security between the two servers, and not at rest.




                The (corporate) e-mail system I use is encrypted and "safe"




                This would be fine, except the wording 'corporate'. As I cannot see how E2EE is handled, therefore, I cannot place any trust in ciphers. This has another problem though, does corporate email (server A) encrypt the email so only you can access the email? This means once the email is encrypted, server A and server B (where the email will be received from server A) cannot read the plaintext email contents. The only one capable of decrypting the ciphertext is you, and not any server.



                This would be an implementation of PGP.




                To gain access to the passwords, a hacker would need to be granted access to my machine which is less likely as it is on a corporate network.




                Given no plaintext, or decryptable copies (within a reasonable timeframe) are kept on any servers, this sounds good. However, you must now ensure the emails stored locally can only be accessed by you, and if your machine is compromised, how will you play interference? Encrypting your local email contents could be a viable option here. Mozilla Thunderbird offers 'profile encryption'. However, this only allows Encrypting File System (EFS), which provides it's the only limitation. EFS will need to be your choice. Personally, I would opt for either an encrypted virtual machine (full-disk encryption) or, another user where I would encrypt the user's home directory.



                I can foresee another problem though because Thunderbird does not know the message body contains a sensitive password, it may store contents within the cache, swap memory or make temporary files stored within secondary storage (e.g. HDD) - Note this point is mereconjecture and should be acknowledged for all programs.




                If a hacker did happen to gain access, he would not likely think to look in archived e-mail messages stored on the local machine




                While this could be unlike, I would not want to risk my security on 'hope', especially the idea of 'I hope they will not think of this'.




                Is there any way to quantify this risk?




                I can break this down into several other points:



                • Is full-disk encryption used?

                  • or is user directory encryption used?


                • How easily can the email profile contents be accessed locally?

                  • is profile encryption used?


                • How protected are you against spyware?

                • What safeguards do you have against physical access, e.g. Evil Maid Attack?

                These are only a few points, more can be added, but these would be major attack vectors to consider. If you are considering an alternative, but want an open source solution, consider KeePassX. If used correctly, it can also be used as a cloud-based password manager.



                For further reading, Is sending password to user email secure?






                share|improve this answer






















                  up vote
                  1
                  down vote










                  up vote
                  1
                  down vote










                  The messages are stored only on my local machine. After receiving them, I make sure that all copies are removed from the server.




                  Unless GPG/PGP or SSL/TLS is used between email servers. E.g. an email from Outlook being sent to Gmail. Then this would be a huge risk point. However, without E2EE (end-to-end encryption) server A and server B, can still read the emails, as SSL/TLS will only provide endpoint security between the two servers, and not at rest.




                  The (corporate) e-mail system I use is encrypted and "safe"




                  This would be fine, except the wording 'corporate'. As I cannot see how E2EE is handled, therefore, I cannot place any trust in ciphers. This has another problem though, does corporate email (server A) encrypt the email so only you can access the email? This means once the email is encrypted, server A and server B (where the email will be received from server A) cannot read the plaintext email contents. The only one capable of decrypting the ciphertext is you, and not any server.



                  This would be an implementation of PGP.




                  To gain access to the passwords, a hacker would need to be granted access to my machine which is less likely as it is on a corporate network.




                  Given no plaintext, or decryptable copies (within a reasonable timeframe) are kept on any servers, this sounds good. However, you must now ensure the emails stored locally can only be accessed by you, and if your machine is compromised, how will you play interference? Encrypting your local email contents could be a viable option here. Mozilla Thunderbird offers 'profile encryption'. However, this only allows Encrypting File System (EFS), which provides it's the only limitation. EFS will need to be your choice. Personally, I would opt for either an encrypted virtual machine (full-disk encryption) or, another user where I would encrypt the user's home directory.



                  I can foresee another problem though because Thunderbird does not know the message body contains a sensitive password, it may store contents within the cache, swap memory or make temporary files stored within secondary storage (e.g. HDD) - Note this point is mereconjecture and should be acknowledged for all programs.




                  If a hacker did happen to gain access, he would not likely think to look in archived e-mail messages stored on the local machine




                  While this could be unlike, I would not want to risk my security on 'hope', especially the idea of 'I hope they will not think of this'.




                  Is there any way to quantify this risk?




                  I can break this down into several other points:



                  • Is full-disk encryption used?

                    • or is user directory encryption used?


                  • How easily can the email profile contents be accessed locally?

                    • is profile encryption used?


                  • How protected are you against spyware?

                  • What safeguards do you have against physical access, e.g. Evil Maid Attack?

                  These are only a few points, more can be added, but these would be major attack vectors to consider. If you are considering an alternative, but want an open source solution, consider KeePassX. If used correctly, it can also be used as a cloud-based password manager.



                  For further reading, Is sending password to user email secure?






                  share|improve this answer






























                  answered 4 hours ago









                  safesploit

                  1,240417
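The answer's question "How easily can the email profile contents be accessed locally?" can be checked on your own archive. The following is an added example, not part of the original answer: a self-audit that lists the messages in a local mbox archive (the format Thunderbird uses by default for local folders) that contain password-like lines, with the values redacted, so they can be moved into a password manager. The sample archive, the pattern and the function names are constructed for illustration.

```python
import mailbox
import os
import re
import tempfile

# Constructed sample archive (not real mail): two messages in mbox format.
SAMPLE_MBOX = """\
From alice@example.com Mon Sep 17 10:00:00 2018
From: alice@example.com
Subject: Fwd: Welcome new user

Password: Constructed-Pw-1

From bob@example.com Mon Sep 17 11:00:00 2018
From: bob@example.com
Subject: Lunch on Friday?

Are you free at noon?
"""

# Illustrative pattern: "password: x", "pwd = x", "passphrase: x".
CRED_RE = re.compile(r"\b(pass(?:word|phrase)?|pwd)\s*[:=]\s*(\S+)", re.I)

def text_parts(msg):
    """Yield the decoded text of every text/* part of a message."""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            yield raw.decode(part.get_content_charset() or "utf-8", "replace")

def audit_mbox(path):
    """Return (subject, label, redacted value) per credential-like match."""
    findings = []
    box = mailbox.mbox(path, create=False)
    try:
        for msg in box:
            for body in text_parts(msg):
                for label, value in CRED_RE.findall(body):
                    findings.append((msg["Subject"], label, "*" * len(value)))
    finally:
        box.close()
    return findings

def audit_sample():
    # Write the constructed archive to a temporary file and audit it.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "Archives")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_MBOX)
        return audit_mbox(path)
```

Point `audit_mbox` at a copy of a local folder file to see which messages to clean up; the archive is read as plain text, which is why encryption at rest is the control that matters here.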























