[180160] in North American Network Operators' Group
Re: gmail security is a joke
daemon@ATHENA.MIT.EDU (Anil Kumar)
Wed May 27 01:10:06 2015
X-Original-To: nanog@nanog.org
From: Anil Kumar <akumar@anilkumar.com>
In-Reply-To: <CAPYK2_z9DtZHg1WKXS8RdzQj2YnE1knF9_F3sB28A705fs7M6A@mail.gmail.com>
Date: Wed, 27 May 2015 09:13:47 +0530
To: Harald Koch <chk@pobox.com>
Cc: nanog <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
--Apple-Mail=_B36F46CC-1F3D-48AD-9E77-759AC2A58D76
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
> On May 27, 2015, at 8:09 AM, Harald Koch <chk@pobox.com> wrote:
>=20
> On 26 May 2015 at 11:32, Alex Brooks <askoorb+nanog@gmail.com> wrote:
>=20
>>=20
>> Can you not set account recory options which change the way password
>> reset requests are handled.
>> https://support.google.com/accounts/answer/183723 Gives some =
guidance?
>>=20
>> Alex
>>=20
>=20
> Unfortunately, setting these options does not disable the separate =
"account
> recovery form" listed at the bottom of the page, and it is this form =
that
> allows you to login with any previous password and to bypass 2-factor =
auth.
>=20
> I must admit I was surprised by this when I tried it just now. I guess =
it's
> time to rethink using Google as a primary account...
According to this page, the 2-factor authentication does kick in when =
you=20
finally try to reset the password.
=
http://webapps.stackexchange.com/questions/27258/is-there-a-way-of-disabli=
ng-googles-password-recovery-feature =
<http://webapps.stackexchange.com/questions/27258/is-there-a-way-of-disabl=
ing-googles-password-recovery-feature>
=E2=80=9C=E2=80=A6 I was presented with an emailed link to a reset page. =
When I clicked=20
that link, since I have two-step verification set up, I was presented=20
with a demand for a number provided by the Google Authenticator=20
app on my phone. I provided that number and only then was I allowed=20
to reset the password.=E2=80=9D
AK=
--Apple-Mail=_B36F46CC-1F3D-48AD-9E77-759AC2A58D76
Content-Disposition: attachment;
filename=smime.p7s
Content-Type: application/pkcs7-signature;
name=smime.p7s
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJ9jCCBK8w
ggOXoAMCAQICEQDgI8sVEoNTia1hbnpUZ2shMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNVBAYTAlNF
MRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5l
dHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3QwHhcNMTQxMjIyMDAwMDAw
WhcNMjAwNTMwMTA0ODM4WjCBmzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hl
c3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxQTA/BgNV
BAMTOENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWls
IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibEN2npTGU5wUh28VqYGJre4SeCW
51Gr8fBaE0kVo7SMG2C8elFCp3mMpCLfF2FOkdV2IwoU00oCf7YdCYBupQQ92bq7Fv6hh6kuQ1JD
FnyvMlDIpk9a6QjYz5MlnHuI6DBk5qT4VoD9KiQUMxeZrETlaYujRgZLwjPU6UCfBrCxrJNAubUI
kzqcKlOjENs9IGE8VQOO2U52JQIhKfqjfHF2T+7hX4Hp+1SA28N7NVK3hN4iPSwwLTF/Wb1SN7Az
aS1D6/rWpfGXd2dRjNnuJ+u8pQc4doykqTj/34z1A6xJvsr3c5k6DzKrnJU6Ez0ORjpXdGFQvsZA
P8vk4p+iIQIDAQABo4IBFzCCARMwHwYDVR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYD
VR0OBBYEFJJha4LhoqCqT+xn8cKj97SAAMHsMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAG
AQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDARBgNVHSAECjAIMAYGBFUdIAAw
RAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC51c2VydHJ1c3QuY29tL0FkZFRydXN0RXh0ZXJu
YWxDQVJvb3QuY3JsMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNl
cnRydXN0LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAGypurFXBOquIxdjtzVXzqmthK8AJECOZD8Vm
am+x9bS1d14PAmEA330F/hKzpICAAPz7HVtqcgIKQbwFusFY1SbC6tVNhPv+gpjPWBvjImOcUvi7
BTarfVil3qs7Y+Xa1XPv7OD7e+Kj//BCI5zKto1NPuRLGAOyqC3U2LtCS5BphRDbpjc06HvgARCl
nMo6x59PiDRuimXQGoq7qdzKyjbR9PzCZCk1r9axp3ER0gNDsY8+muyeMlP0dpLKhjQHuSzK5hxK
2JkNwYbikJL7WkJqIyEQ6WXH9dW7fuqMhSACYurROgcsWcWZM/I4ieW26RZ6H3kU9koQGib6fIr7
mzCCBT8wggQnoAMCAQICEF5/v5yyia0o5QKqwxVd0hIwDQYJKoZIhvcNAQELBQAwgZsxCzAJBgNV
BAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAY
BgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQg
QXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTAeFw0xNTA1MTcwMDAwMDBaFw0xNjA1
MTYyMzU5NTlaMCUxIzAhBgkqhkiG9w0BCQEWFGFrdW1hckBhbmlsa3VtYXIuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwR0V39VnpIF+eRN4mhgiR3rhqY7uU9/f4DbuoSkC3FLT
cw7gV2S1x3iY7ekAqVewEedY8iDpS8EvOMxonOlWd1Jv47xyFX9/oB5Ecd4/MoC/mLDuP4y+aUM+
yBe4iRMwEBIApxdYbBysgFUeyeE89LaIrnHWX0MyvXHRDIRh6+IApDL9DwsiAC3yyp4pWYpz4OR/
mH0mK/pHv75D5JLd6dEugvAqzUhD7y+xPVmzkglgo/oOVH+NKYT+XjrLaNt5KyAgZ/71QpGChvoF
7zyQZCgIZmDc8gfCh+ySOan+JXLp+wTU14WL3VampaZfAEAd1yMcq9dkQ+utRtO/AlOnCwIDAQAB
o4IB8jCCAe4wHwYDVR0jBBgwFoAUkmFrguGioKpP7GfxwqP3tIAAwewwHQYDVR0OBBYEFLWsllli
TxPLGOCZijgjSo8GkFZxMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMCAGA1UdJQQZMBcG
CCsGAQUFBwMEBgsrBgEEAbIxAQMFAjARBglghkgBhvhCAQEEBAMCBSAwRgYDVR0gBD8wPTA7Bgwr
BgEEAbIxAQIBAQEwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLm5ldC9DUFMw
XQYDVR0fBFYwVDBSoFCgToZMaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPU0hBMjU2Q2xp
ZW50QXV0aGVudGljYXRpb25hbmRTZWN1cmVFbWFpbENBLmNybDCBkAYIKwYBBQUHAQEEgYMwgYAw
WAYIKwYBBQUHMAKGTGh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1NIQTI1NkNsaWVudEF1
dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
LmNvbW9kb2NhLmNvbTAfBgNVHREEGDAWgRRha3VtYXJAYW5pbGt1bWFyLmNvbTANBgkqhkiG9w0B
AQsFAAOCAQEAf/3ZlH/x+MynzsMOtvMn6fFekqhnEz7kAY5RA2SO4sestT2oxBDzx7CxthFnvLRg
xAUeD8bv0cxfkfeLH3nTGv9PDzmXr+egoSZQIx+w7r6E6XFALZqBcEJwpmsusotouW5OCuZuFV0P
C4NFnRpLWWpwDuetIIh8cu/OR45l0OvC4UntZ99SkJffPdgNqEVrzkxCQGo3dsLjssYyfKhScE1h
zpw+ibcoMuAOPugIco2/EkG1mIuREENQ2eZD06uqf/CRrPlWurJgHp0oI2XxYHe7kgQVf1aRdMQe
4atwag6IyMIERIfUCRZh9GEyCbymN3Xs3H+BTNeRV4mXToRV3zGCA8MwggO/AgEBMIGwMIGbMQsw
CQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3Jk
MRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UEAxM4Q09NT0RPIFNIQS0yNTYgQ2xp
ZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEF5/v5yyia0o5QKqwxVd0hIw
CQYFKw4DAhoFAKCCAecwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcN
MTUwNTI3MDM0MzQ5WjAjBgkqhkiG9w0BCQQxFgQU0H1aWY4FeyLWIBNownVpvSIX+9swgcEGCSsG
AQQBgjcQBDGBszCBsDCBmzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3Rl
cjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxQTA/BgNVBAMT
OENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENB
AhBef7+csomtKOUCqsMVXdISMIHDBgsqhkiG9w0BCRACCzGBs6CBsDCBmzELMAkGA1UEBhMCR0Ix
GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
Q09NT0RPIENBIExpbWl0ZWQxQTA/BgNVBAMTOENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRoZW50
aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhBef7+csomtKOUCqsMVXdISMA0GCSqGSIb3DQEB
AQUABIIBAGQZp/L1CX5D6i7a4M8s1ZoGb5oumGdvXh6f9sqAjTKGN3yUEc5/1mIW7K8SOoDDFMQO
4lauiFJ9l+kn6vtkdZsw6FONSuwXP9rJawlyppspoh1to6TKIj31MqLsxx3ihgf6z4mGznJtuYw3
Tub9aHwstujgqCG+duPId15Bt1DVE408tFpoKECx7Tu/iA8Ady8zEsVMDkQ0fxULPPQyOtjjnujP
LEazrHpIYNfxeYlcfntvT1f2lZvthcLF4V4FDR2OKyCx3w/6dMO76MPoWUQumZ9eGy49B98kBtkd
uS4ZQ7EtP8hWVWlX2EEOSXH1X5WjrAW/E9UBrJuaVmSzjOAAAAAAAAA=
--Apple-Mail=_B36F46CC-1F3D-48AD-9E77-759AC2A58D76--
