nanog mailing list archives
Re: gmail security is a joke
From: chris <tknchris () gmail com>
Date: Tue, 26 May 2015 11:54:12 -0400
Haha I cringe when I do a password recovery at a site and they either email the current pw to me in plain text or just as bad reset it then email it in plain text. Its really sad that stuff this bad is still so common. On Tue, May 26, 2015 at 11:44 AM, Owen DeLong <owen () delong com> wrote:
On May 26, 2015, at 5:22 PM, Saku Ytti <saku () ytti fi> wrote: On (2015-05-26 16:26 +0200), Markus wrote: Hey,Did you know that anyone, anywhere in the world can get into a gmailaccountmerely by knowing its creation date (month and year is sufficient) andtheWithout any comment on what gmail is or is not doing, the topicinterests me.How should recovery be done in scalable manner? Almost invariably whentheaccounts were initially created there is no strong authentication used,howwould, even in theory, it be possible to reauthenticate strongly after password was lost?I think opt-out of password recovery choices on a line-item basis is not a bad concept. For example, I’d want to opt out of recovery with account creation date. If anyone knows the date my gmail account was created, they most certainly aren’t me. OTOH, recovery by receiving a token at a previously registered alternate email address seems relatively secure to me and I wouldn’t want to opt out of that. Recovery by SMS to a previously registered phone likewise seems reasonably secure and I wouldn’t want to opt out of that, either. Recovery by SMS to a phone number provided with the recovery request I would most certainly want to disable. (yes, some sites do this). Recovery by having my password plain-text emailed to me at my alternate address (or worse, an address I supply at the time of recovery request), not so much. (yes, many sites actually do this) Really, you don’t need to strongly authenticate a particular person for these accounts. You need, instead, to authenticate that the person attempting recovery is reasonably likely to be the person who set up the account originally, whether or not they are who they claimed to be at that time.Perhaps some people would trust, if they could opt-in forreauthentication viasome legal entity procuring such services. Then during account creation,you'dneed to go through same authentication phase, perhaps tied to nationalIDorcomparable. This might be reasonable, most people probably already trustoneof these for much more important authentication than email, butsupporting allof them globally seems like very expensive proposal.This also would take away from the benefits of having some level of anonymity in the account creation process, so I think this isn’t such a great idea on multiple levels. YMMV. Owen
Current thread:
- gmail security is a joke Markus (May 26)
- Re: gmail security is a joke Saku Ytti (May 26)
- Re: gmail security is a joke Owen DeLong (May 26)
- Re: gmail security is a joke chris (May 26)
- Re: gmail security is a joke John Levine (May 26)
- Re: gmail security is a joke chris (May 26)
- Re: gmail security is a joke John R. Levine (May 26)
- Re: gmail security is a joke Aaron C. de Bruyn (May 26)
- Re: gmail security is a joke John R. Levine (May 26)
- Re: gmail security is a joke Aaron C. de Bruyn (May 26)
- Re: gmail security is a joke Owen DeLong (May 26)
- Re: gmail security is a joke Scott Howard (May 26)
- Re: gmail security is a joke William Herrin (May 27)
- Re: gmail security is a joke Barry Shein (May 27)
- Re: gmail security is a joke John R. Levine (May 27)
- Re: gmail security is a joke Saku Ytti (May 26)