Plausible deniability of email password handover

ID: plausible-deniability-of-email-password-handover

Top articles Latest articles New article in topic
Plausible deniability of email password handover by Ciro Santilli 37 Updated 2025-07-16
You need a secondary password that when used leads to an empty inbox with a setting set where message are deleted after 2 days.
This way, if the attacker sends a test email, it will still show up, but being empty is also plausible.
Of course, this means that any new emails received will be visible by the attacker, so you have to find a way to inform senders that the account has been compromised.
So you have to find a way to inform senders that the account has been compromised, e.g. a secret pre-agreed canary that must be checked each time as part of the contact protocol.
Read the full article

New to topics? Read the docs here!