An email server with an insecure password, for example, or a password that only you can crack?
That’s not an ideal scenario for most people, but it’s one that’s becoming more common.
The rise of password-free email has made it easier for people to use email services like Microsoft Outlook without using their real name or other sensitive information.
And now, in a new report from security firm Check Point, that’s also becoming a problem for security companies.
“Companies are using the password reset option as a security measure to allow people to reset their passwords without having to use their real names, which can be costly for the security of their organizations,” Check Point CEO Jonathan Moxey told Ars.
“And then people are using them to recover email passwords.
The result is they’re giving their customers a way to bypass passwords without actually changing the password, and then they’re sending the data back to their customers.”
The key takeaway is that while passwords are a security risk, the security risk is also an opportunity.
If someone has the right kind of password and can crack it, it’s easy for them to send the information back to a third party and use it for any number of nefarious purposes.
As Moxé said, it may be tempting to think that just because someone can crack a password it means they can’t break it.
But that’s not the case at all.
The only way a password is cracked is by using the correct password, which is why password-based protection should be used only when absolutely necessary.
And while that’s true of most email services, it isn’t true of Microsoft Outlook, which has a “keep your password secret” policy that doesn’t actually require a password to use.
And that’s where Check Point’s report comes in.
While it’s possible to have a password-protected email service that doesn�t require a user to reveal their password, Moxeey says, the risk is that someone can get into the system by pretending to be a legitimate user, or use a brute force attack to guess the correct one.
That’s why the researchers used an email address as the “password.”
Moxettey said that the only thing the email service had to do to prevent the attacker from guessing the correct email address was to block the password from being used.
If you’re a company using an email provider that offers password protection, check out Check Point�s report.
You’ll need to install a different email app to use that password.