[180172] in North American Network Operators' Group
Re: gmail security is a joke
daemon@ATHENA.MIT.EDU (Rafael Possamai)
Wed May 27 09:27:43 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <44473.1432714654@turing-police.cc.vt.edu>
From: Rafael Possamai <rafael@gav.ufsc.br>
Date: Wed, 27 May 2015 08:27:18 -0500
To: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
Cc: nanog <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
You can also register a U2F key.
On Wed, May 27, 2015 at 3:17 AM, <Valdis.Kletnieks@vt.edu> wrote:
> On Wed, 27 May 2015 09:13:47 +0530, Anil Kumar said:
> > that link, since I have two-step verification set up, I was presented
> > with a demand for a number provided by the Google Authenticator
> > app on my phone. I provided that number and only then was I allowed
> > to reset the password.
>
> And you have to pre-register the phone number.
>
> Sounds about as secure as you're going to get when trying to scale to 10
> digits of users....
>
> And as I said earlier - if your threat model involves needing more security
> than that, you have bigger problems.. :)
>
