nanog mailing list archives

Re: gmail security is a joke


From: Blair Trosper <blair.trosper () gmail com>
Date: Thu, 28 May 2015 14:09:39 -0500

Somewhat in the weeds here, but I still find it odd/curious that Google is
still using SHA-1 fingerprinted SSL certificates.

Weren't they making a big deal of pushing SHA-2 fingerprinted SSL certs a
while back?

On Wed, May 27, 2015 at 12:16 AM, Octavio Alvarez <octalnanog () alvarezp org>
wrote:

On 05/26/2015 08:44 AM, Owen DeLong wrote:

I think opt-out of password recovery choices on a line-item basis is
not a bad concept.

For example, I’d want to opt out of recovery with account creation
date. If anyone knows the date my gmail account was created, they
most certainly aren’t me.

OTOH, recovery by receiving a token at a previously registered
alternate email address seems relatively secure to me and I wouldn’t
want to opt out of that.

(( many more snipped ))


I would definitely opt-out from any kind of "secret questions" that I
couldn't type by myself.

Many many sites still think this is a good idea.

Best regards.




-- 
Blair Trosper p.g.a.
S2 Entertainment Partners
Desk:  469-333-8008
Cell:  512-619-8133
Agent/Rep:  WME (Los Angeles, CA) - 310-248-2000
PR/Manager:  BORG (Dallas, TX) - 844-THE-BORG

