nanog mailing list archives
Re: gmail security is a joke
From: Harald Koch <chk () pobox com>
Date: Wed, 27 May 2015 16:52:19 -0400
On 26 May 2015 at 23:43, Anil Kumar <akumar () anilkumar com> wrote:
According to this page, the 2-factor authentication does kick in when you finally try to reset the password. http://webapps.stackexchange.com/questions/27258/is-there-a-way-of-disabling-googles-password-recovery-feature “… I was presented with an emailed link to a reset page. When I clicked that link, since I have two-step verification set up, I was presented with a demand for a number provided by the Google Authenticator app on my phone. I provided that number and only then was I allowed to reset the password.”
Y'all are way too trusting ;) If I recall from a brief experiment yesterday, three of the four options on that page are variations on "I'd like to bypass 2-factor authentication". There is really no point in any of Google's fancy account security if I can bypass all of it using Google's Identity Verification process, especially if that process is based on PII that isn't terribly difficult to obtain. This is just a variation on Apple's "give us the last four digits of your credit card to reset your password" gigantic security failure, and frankly I expected better from Google. Silly me. -- Harald (who once upon a time worked in the IAM space ;)
Current thread:
- Re: gmail security is a joke, (continued)
- Re: gmail security is a joke Jimmy Hess (May 29)
- Re: gmail security is a joke Justin M. Streiner (May 29)
- Re: gmail security is a joke Rich Kulawiec (May 30)
- Re: gmail security is a joke Alex Brooks (May 26)
- RE: gmail security is a joke Thijs Stuurman (May 26)
- Re: gmail security is a joke Harald Koch (May 26)
- Re: gmail security is a joke Anil Kumar (May 26)
- Re: gmail security is a joke Valdis . Kletnieks (May 27)
- Re: gmail security is a joke Rafael Possamai (May 27)
- Message not available
- Re: gmail security is a joke Larry Sheldon (May 27)
- Re: gmail security is a joke Harald Koch (May 27)
- Re: gmail security is a joke Jim Popovitch (May 27)