[180163] in North American Network Operators' Group
Re: gmail security is a joke
daemon@ATHENA.MIT.EDU (Larry Sheldon)
Wed May 27 04:39:44 2015
X-Original-To: nanog@nanog.org
Date: Wed, 27 May 2015 03:39:33 -0500
From: Larry Sheldon <larrysheldon@cox.net>
To: nanog@nanog.org
In-Reply-To: <YwJP1q0071cZc5601wJRQU>
Errors-To: nanog-bounces@nanog.org
On 5/27/2015 03:17, Valdis.Kletnieks@vt.edu wrote:
> On Wed, 27 May 2015 09:13:47 +0530, Anil Kumar said:
>> that link, since I have two-step verification set up, I was presented
>> with a demand for a number provided by the Google Authenticator
>> app on my phone. I provided that number and only then was I allowed
>> to reset the password.
>
> And you have to pre-register the phone number.
>
> Sounds about as secure as you're going to get when trying to scale to 10
> digits of users....
>
> And as I said earlier - if your threat model involves needing more security
> than that, you have bigger problems.. :)
As they say, I no longer have a dog in this fight beyond myself and to
an extent (advisory capacity) my wife, but I have been having trouble
understanding the concept of organizations ("network operators") with
large and legitimate concerns for security issues, using gmail.
--
sed quis custodiet ipsos custodes? (Juvenal)
