nanog mailing list archives
gmail security is a joke
From: Markus <universe () truemetal org>
Date: Tue, 26 May 2015 16:26:38 +0200
Did you know that anyone, anywhere in the world can get into a gmail account merely by knowing its creation date (month and year is sufficient) and the last login date (try "today")? What a joke.
Try it by yourself, its "fun".Even worse, once the attacker had control of your account once, and you reset the PW and then enable 2-factor-authentication, he will always come back because it is sufficient for him to know one of the last passwords to reset it again. This will totally work around 2-factor-authentication and allows him to remove/change recovery E-Mail + phone + turn off 2FA. There's no way to get rid of him.
What a mess!I have a gmail account that mostly sends mail and barely receives any. This is probably why it works so damn easy. Otherwise the PW recovery process will ask you for the E-Mail addresses of people that you have received mail from in the past. But even this can get easily guessed/researched.
Current thread:
- gmail security is a joke Markus (May 26)
- Re: gmail security is a joke Saku Ytti (May 26)
- Re: gmail security is a joke Owen DeLong (May 26)
- Re: gmail security is a joke chris (May 26)
- Re: gmail security is a joke John Levine (May 26)
- Re: gmail security is a joke chris (May 26)
- Re: gmail security is a joke John R. Levine (May 26)
- Re: gmail security is a joke Aaron C. de Bruyn (May 26)
- Re: gmail security is a joke John R. Levine (May 26)
- Re: gmail security is a joke Aaron C. de Bruyn (May 26)
- Re: gmail security is a joke Owen DeLong (May 26)
- Re: gmail security is a joke Scott Howard (May 26)
- Re: gmail security is a joke Saku Ytti (May 26)