[180157] in North American Network Operators' Group
Re: gmail security is a joke
daemon@ATHENA.MIT.EDU (Harald Koch)
Tue May 26 22:39:18 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <CALKLF0_Zqr6GknR9M29y4tPOB2C6bw4=oV5Nk4gfNc_gJh14WA@mail.gmail.com>
Date: Tue, 26 May 2015 22:39:11 -0400
From: Harald Koch <chk@pobox.com>
To: Alex Brooks <askoorb+nanog@gmail.com>
Cc: nanog <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On 26 May 2015 at 11:32, Alex Brooks <askoorb+nanog@gmail.com> wrote:
>
> Can you not set account recory options which change the way password
> reset requests are handled.
> https://support.google.com/accounts/answer/183723 Gives some guidance?
>
> Alex
>
Unfortunately, setting these options does not disable the separate "account
recovery form" listed at the bottom of the page, and it is this form that
allows you to login with any previous password and to bypass 2-factor auth.
I must admit I was surprised by this when I tried it just now. I guess it's
time to rethink using Google as a primary account...
