nanog mailing list archives

Re: gmail security is a joke

From: Valdis.Kletnieks () vt edu
Date: Wed, 27 May 2015 04:17:34 -0400

On Wed, 27 May 2015 09:13:47 +0530, Anil Kumar said:

that link, since I have two-step verification set up, I was presented
with a demand for a number provided by the Google Authenticator
app on my phone. I provided that number and only then was I allowed
to reset the password.


And you have to pre-register the phone number.

Sounds about as secure as you're going to get when trying to scale to 10
digits of users....

And as I said earlier - if your threat model involves needing more security
than that, you have bigger problems.. :)

Attachment: _bin
Description:

Current thread:

Re: gmail security is a joke, (continued)
- - - Re: gmail security is a joke Barry Shein (May 29)
    - Re: gmail security is a joke Valdis . Kletnieks (May 29)
    - Re: gmail security is a joke Owen DeLong (May 29)
    - Re: gmail security is a joke Jimmy Hess (May 29)
    - Re: gmail security is a joke Justin M. Streiner (May 29)
    - Re: gmail security is a joke Rich Kulawiec (May 30)
- Re: gmail security is a joke Alex Brooks (May 26)
  - RE: gmail security is a joke Thijs Stuurman (May 26)
  - Re: gmail security is a joke Harald Koch (May 26)
    - Re: gmail security is a joke Anil Kumar (May 26)
    - Re: gmail security is a joke Valdis . Kletnieks (May 27)
    - Re: gmail security is a joke Rafael Possamai (May 27)
    - Message not available
    - Re: gmail security is a joke Larry Sheldon (May 27)
    - Re: gmail security is a joke Harald Koch (May 27)
    - Re: gmail security is a joke Jim Popovitch (May 27)
- Re: gmail security is a joke Jim Popovitch (May 26)