[180135] in North American Network Operators' Group
Re: gmail security is a joke
daemon@ATHENA.MIT.EDU (John Levine)
Tue May 26 12:07:04 2015
X-Original-To: nanog@nanog.org
Date: 26 May 2015 16:06:38 -0000
From: "John Levine" <johnl@iecc.com>
To: nanog@nanog.org
In-Reply-To: <CAKnNFz_apy8KHBXj0umGoq6UfCD640Jtxe9A+2TqU-d761-eug@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org

In article <CAKnNFz_apy8KHBXj0umGoq6UfCD640Jtxe9A+2TqU-d761-eug@mail.gmail.com> you write:
>Haha I cringe when I do a password recovery at a site and they either email
>the current pw to me in plain text or just as bad reset it then email it in
>plain text. It's really sad that stuff this bad is still so common.

If they do a reset, what difference does it make whether they send the
password in plain text or as a one-time link? Either way, if a bad
guy can read the mail, he can steal the account.

Given the enormous scale of Gmail, I think they do a reasonable job of
account security. If you want to make your account secure with an
external account or an external token (a physical one like a YubiKey
or a software one like the authenticator app), you can.

Or if you consider your account to be low value, you can treat it that
way, too.

R's,
John