nanog mailing list archives

Re: gmail security is a joke


From: Anil Kumar <akumar () anilkumar com>
Date: Wed, 27 May 2015 09:13:47 +0530


On May 27, 2015, at 8:09 AM, Harald Koch <chk () pobox com> wrote:

On 26 May 2015 at 11:32, Alex Brooks <askoorb+nanog () gmail com> wrote:


Can you not set account recovery options which change the way password
reset requests are handled?
https://support.google.com/accounts/answer/183723 Gives some guidance?

Alex


Unfortunately, setting these options does not disable the separate "account
recovery form" listed at the bottom of the page, and it is this form that
allows you to log in with any previous password and to bypass 2-factor auth.

I must admit I was surprised by this when I tried it just now. I guess it's
time to rethink using Google as a primary account...



According to this page, the 2-factor authentication does kick in when you 
finally try to reset the password.

http://webapps.stackexchange.com/questions/27258/is-there-a-way-of-disabling-googles-password-recovery-feature 

“… I was presented with an emailed link to a reset page. When I clicked 
that link, since I have two-step verification set up, I was presented 
with a demand for a number provided by the Google Authenticator 
app on my phone. I provided that number and only then was I allowed 
to reset the password.”

AK
