Yes. The NSA isn’t a threat I worry about, since I figure they could get my stuff via a demand to Google, if they wanted it. I am primarily worried about non-government-aided criminals. See Steve Bellovin’s analysis for why this isn’t so suitable an attack for that class of adversary.
“There’s one password you should change nevertheless: your email password.”
Besides, Bellovin is talking about what he calls the most serious case—leakage of crypto keys. If the attackers snarfed your password, they don’t need to sniff, mitm, or redirect your traffic.
Yes. The NSA isn’t a threat I worry about, since I figure they could get my stuff via a demand to Google, if they wanted it. I am primarily worried about non-government-aided criminals. See Steve Bellovin’s analysis for why this isn’t so suitable an attack for that class of adversary.
And look what your own link says:
“There’s one password you should change nevertheless: your email password.”
Besides, Bellovin is talking about what he calls the most serious case—leakage of crypto keys. If the attackers snarfed your password, they don’t need to sniff, mitm, or redirect your traffic.