nanog mailing list archives
Re: gmail security is a joke
From: chris <tknchris () gmail com>
Date: Tue, 26 May 2015 12:10:57 -0400
I get what you are saying but my point was more about lack of crypto or reversible crypto than stealing the account. I like what Owen is describing, they should present all account recovery options and let the user toggle on/off which ones they want to be usable this way the user can make their own decisions and live with their own choices. On Tue, May 26, 2015 at 12:06 PM, John Levine <johnl () iecc com> wrote:
In article < CAKnNFz_apy8KHBXj0umGoq6UfCD640Jtxe9A+2TqU-d761-eug () mail gmail com> you write:Haha I cringe when I do a password recovery at a site and they eitherthe current pw to me in plain text or just as bad reset it then email itinplain text. Its really sad that stuff this bad is still so common.If they do a reset, what difference does it make whether they send the password in plain text or as a one-time link? Either way, if a bad guy can read the mail, he can steal the account. Given the enormous scale of Gmail, I think they do a reasonable job of account security. If you want to make your account secure with an external account or an external token (a physical one like a yubikey or a software one like the authenticator app), you can. Or if you consider your account to be low value, you can treat it that way, too. R's, John
Current thread:
- gmail security is a joke Markus (May 26)
- Re: gmail security is a joke Saku Ytti (May 26)
- Re: gmail security is a joke Owen DeLong (May 26)
- Re: gmail security is a joke chris (May 26)
- Re: gmail security is a joke John Levine (May 26)
- Re: gmail security is a joke chris (May 26)
- Re: gmail security is a joke John R. Levine (May 26)
- Re: gmail security is a joke Aaron C. de Bruyn (May 26)
- Re: gmail security is a joke John R. Levine (May 26)
- Re: gmail security is a joke Aaron C. de Bruyn (May 26)
- Re: gmail security is a joke Owen DeLong (May 26)
- Re: gmail security is a joke Scott Howard (May 26)
- Re: gmail security is a joke William Herrin (May 27)
- Re: gmail security is a joke Barry Shein (May 27)
- Re: gmail security is a joke John R. Levine (May 27)
- Re: gmail security is a joke James Downs (May 27)
- Re: gmail security is a joke Barry Shein (May 27)
- Re: gmail security is a joke Saku Ytti (May 26)