[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

gmail security is a joke

Subject: gmail security is a joke
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Wed, 27 May 2015 04:17:34 -0400
In-reply-to: Your message of "Wed, 27 May 2015 09:13:47 +0530." <[email protected]>
References: <[email protected]> <CALKLF0_Zqr6GknR9M29y4tPOB2C6bw4=oV5Nk4gfNc_gJh14WA@mail.gmail.com> <CAPYK2_z9DtZHg1WKXS8RdzQj2YnE1knF9_F3sB28A705fs7M6A@mail.gmail.com> <[email protected]>

On Wed, 27 May 2015 09:13:47 +0530, Anil Kumar said:
> that link, since I have two-step verification set up, I was presented
> with a demand for a number provided by the Google Authenticator
> app on my phone. I provided that number and only then was I allowed
> to reset the password.

And you have to pre-register the phone number.

Sounds about as secure as you're going to get when trying to scale to 10
digits of users....

And as I said earlier - if your threat model involves needing more security
than that, you have bigger problems.. :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 848 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20150527/3cb74137/attachment.pgp>

Follow-Ups:
- gmail security is a joke
  - From: rafael at gav.ufsc.br (Rafael Possamai)

References:
- gmail security is a joke
  - From: universe at truemetal.org (Markus)
- gmail security is a joke
  - From: askoorb+nanog at gmail.com (Alex Brooks)
- gmail security is a joke
  - From: chk at pobox.com (Harald Koch)
- gmail security is a joke
  - From: akumar at anilkumar.com (Anil Kumar)

Prev by Date: Multiple vendors' IPv6 issues
Next by Date: gmail security is a joke
Previous by thread: gmail security is a joke
Next by thread: gmail security is a joke
Index(es):
- Date
- Thread