> Sometimes you can get less technical people to install an email cert > when you tell them that sending a password by email (or any sensitive > information) can be less secure than posting it on the internet since > email bounces around to more servers.
Merely *can be* less secure? No, it *is not* secure, period. Same for simply "posting it on the internet", in most of the ways that could be interpreted by the layman. I like to say that there are no degrees of insecurity. I think sometimes we're afraid of emphasizing the importance of security to the less technical because of their tendency to go idiot-lights-mode on us, or to get mad because they don't understand, don't care, or don't want to. I still think it's important, and if it's important, is worth doing and worth mentioning. Kind of like trying to get a child to brush their teeth. It may not be easy at first, or fun, but is important and worth it in the long run. /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
