[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

gmail security is a joke

Subject: gmail security is a joke
From: blair.trosper at gmail.com (Blair Trosper)
Date: Thu, 28 May 2015 14:09:39 -0500
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]>

Somewhat in the weeds here, but I still find it odd/curious that Google is
still using SHA-1 fingerprinted SSL certificates.

Weren't they making a big deal of pushing SHA-2 fingerprinted SSL certs a
while back?

On Wed, May 27, 2015 at 12:16 AM, Octavio Alvarez <octalnanog at alvarezp.org>
wrote:

> On 05/26/2015 08:44 AM, Owen DeLong wrote:
>
>> I think opt-out of password recovery choices on a line-item basis is
>> not a bad concept.
>>
>> For example, I?d want to opt out of recovery with account creation
>> date. If anyone knows the date my gmail account was created, they
>> most certainly aren?t me.
>>
>> OTOH, recovery by receiving a token at a previously registered
>> alternate email address seems relatively secure to me and I wouldn?t
>> want to opt out of that.
>>
>> (( many more snipped ))
>>
>
> I would definitely opt-out from any kind of "secret questions" that I
> couldn't type by myself.
>
> Many many sites still think this is a good idea.
>
> Best regards.
>



-- 
Blair Trosper p.g.a.
S2 Entertainment Partners
Desk:  469-333-8008
Cell:  512-619-8133
Agent/Rep:  WME (Los Angeles, CA) - 310-248-2000
PR/Manager:  BORG (Dallas, TX) - 844-THE-BORG

References:
- gmail security is a joke
  - From: universe at truemetal.org (Markus)
- gmail security is a joke
  - From: saku at ytti.fi (Saku Ytti)
- gmail security is a joke
  - From: owen at delong.com (Owen DeLong)
- gmail security is a joke
  - From: octalnanog at alvarezp.org (Octavio Alvarez)

Prev by Date: AWS Elastic IP architecture
Next by Date: gmail security is a joke
Previous by thread: gmail security is a joke
Next by thread: gmail security is a joke
Index(es):
- Date
- Thread