I got an email that "supposedly" was secure. It had a link which said that to get the secure message, follow this link. They could have verified it was me by asking my bank or my smart card to authenticate me, but they did not.
Now, since the link encoded a password in the URL as a website (over HTTPS), how is this supposed to be more secure? Or is it a security feature of the sending agency (which is sort of an insurance company), as they can now revoke the message and I'm left with nothing? Example:
this is a secure mail please read it at:
https://agency.org/login.cgi?ywt786u2y18926uye8924uiyew89y6ry3y47832teyutew78832..
click link
And then the browser opens what amounts to the body text of the mail. The link itself is multi-use and expires in 7 days.
What kind of security does this actually provide? As far as I understand, they sent the link over unsecured channels, so it's just as prone to hijacking as plain email. Is this giving recipients a false sense of security?
I am not asking if it's secure as such, just trying to understand what the mechanism might be.
Edit:
This is a sort of insurance agency, although it is not an insurer in the common sense. Well, I was half expecting the mail (in that I knew they would mail me at some point). Although to be honest, the mail would have been nearly as informative if it had just said "Done"! Besides, they sent me a copy over snail mail anyway (it arrived 3 hours later). But that does not mean they don't send sensitive information.
Edit 2:
Since this is apparently unclear: the link is nothing spectacular, just a link with a really long hash at the end. The only other thing I can think of is that it validates that the sender is who they say they are (now I can validate the certificate of the website).
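
One possible mechanism behind a link like this, as an added example that is not part of the original post and not the agency's actual system: the server keeps the message and hands it to whoever presents the random token, which gives the sender expiry, revocation and a read log, but does not authenticate the recipient. The class name, the host `agency.example`, the sample message and the client labels are constructed for illustration.

```python
import hashlib
import secrets

LINK_TTL = 7 * 24 * 3600  # the post says the link expires after 7 days


class SecureMailStore:
    """Hypothetical server side of a 'read your secure mail here' link."""

    def __init__(self):
        self._records = {}  # sha256(token) -> record; raw tokens are never stored

    @staticmethod
    def _key(url):
        token = url.partition("?")[2]
        return hashlib.sha256(token.encode()).hexdigest()

    def deposit(self, body, now):
        """Store the message and return the link that goes into the plain e-mail."""
        url = "https://agency.example/login.cgi?" + secrets.token_urlsafe(32)
        self._records[self._key(url)] = {
            "body": body, "expires": now + LINK_TTL, "revoked": False, "reads": []}
        return url

    def revoke(self, url):
        """Sender-side control: the message becomes unreadable for everyone."""
        self._records[self._key(url)]["revoked"] = True

    def fetch(self, url, client, now):
        """Return the body to whoever presents the link, or None if unusable."""
        rec = self._records.get(self._key(url))
        if rec is None or rec["revoked"] or now >= rec["expires"]:
            return None
        rec["reads"].append((now, client))  # audit trail plain e-mail cannot give
        return rec["body"]

    def distinct_readers(self, url):
        """Clients that opened the link; more than one is worth investigating."""
        return sorted({c for _, c in self._records[self._key(url)]["reads"]})


if __name__ == "__main__":
    store = SecureMailStore()
    link = store.deposit("Your claim has been processed.", now=0)  # constructed
    print(store.fetch(link, "recipient", now=60))        # multi-use link
    print(store.fetch(link, "someone-else", now=120))    # same body: bearer secret
    print(store.distinct_readers(link))                  # two holders of the link
    print(store.fetch(link, "recipient", now=LINK_TTL))  # None: expired
```

The token in the URL is the only credential, so the confidentiality of the message is no better than that of the e-mail that carried the link; what the sender gains is control and visibility after sending.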