[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

gmail security is a joke

Subject: gmail security is a joke
From: johnl at iecc.com (John Levine)
Date: 26 May 2015 16:06:38 -0000
In-reply-to: <CAKnNFz_apy8KHBXj0umGoq6UfCD640Jtxe9A+2TqU-d761-eug@mail.gmail.com>

In article <CAKnNFz_apy8KHBXj0umGoq6UfCD640Jtxe9A+2TqU-d761-eug at mail.gmail.com> you write:
>Haha I cringe when I do a password recovery at a site and they either email
>the current pw to me in plain text or just as bad reset it then email it in
>plain text. Its really sad that stuff this bad is still so common.

If they do a reset, what difference does it make whether they send the
password in plain text or as a one-time link?  Either way, if a bad
guy can read the mail, he can steal the account.

Given the enormous scale of Gmail, I think they do a reasonable job of
account security.  If you want to make your account secure with an
external account or an external token (a physical one like a yubikey
or a software one like the authenticator app), you can.

Or if you consider your account to be low value, you can treat it that
way, too.

R's,
John

Follow-Ups:
- gmail security is a joke
  - From: tknchris at gmail.com (chris)
- gmail security is a joke
  - From: aaron at heyaaron.com (Aaron C. de Bruyn)

References:
- gmail security is a joke
  - From: tknchris at gmail.com (chris)

Prev by Date: gmail security is a joke
Next by Date: gmail security is a joke
Previous by thread: gmail security is a joke
Next by thread: gmail security is a joke
Index(es):
- Date
- Thread