nanog mailing list archives
Re: gmail security is a joke
From: "John Levine" <johnl () iecc com>
Date: 26 May 2015 16:06:38 -0000
In article <CAKnNFz_apy8KHBXj0umGoq6UfCD640Jtxe9A+2TqU-d761-eug () mail gmail com> you write:
Haha I cringe when I do a password recovery at a site and they either email the current pw to me in plain text or just as bad reset it then email it in plain text. Its really sad that stuff this bad is still so common.
If they do a reset, what difference does it make whether they send the password in plain text or as a one-time link? Either way, if a bad guy can read the mail, he can steal the account. Given the enormous scale of Gmail, I think they do a reasonable job of account security. If you want to make your account secure with an external account or an external token (a physical one like a yubikey or a software one like the authenticator app), you can. Or if you consider your account to be low value, you can treat it that way, too. R's, John
Current thread:
- gmail security is a joke Markus (May 26)
- Re: gmail security is a joke Saku Ytti (May 26)
- Re: gmail security is a joke Owen DeLong (May 26)
- Re: gmail security is a joke chris (May 26)
- Re: gmail security is a joke John Levine (May 26)
- Re: gmail security is a joke chris (May 26)
- Re: gmail security is a joke John R. Levine (May 26)
- Re: gmail security is a joke Aaron C. de Bruyn (May 26)
- Re: gmail security is a joke John R. Levine (May 26)
- Re: gmail security is a joke Aaron C. de Bruyn (May 26)
- Re: gmail security is a joke Owen DeLong (May 26)
- Re: gmail security is a joke Scott Howard (May 26)
- Re: gmail security is a joke William Herrin (May 27)
- Re: gmail security is a joke Barry Shein (May 27)
- Re: gmail security is a joke John R. Levine (May 27)
- Re: gmail security is a joke James Downs (May 27)
- Re: gmail security is a joke Saku Ytti (May 26)