[180191] in North American Network Operators' Group
Re: gmail security is a joke
daemon@ATHENA.MIT.EDU (Jim Popovitch)
Wed May 27 17:06:20 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <CAPYK2_x7C1V+OcK70mCg65sKCUALORmiZxFuepes3CC4CVTRFA@mail.gmail.com>
Date: Wed, 27 May 2015 17:06:17 -0400
From: Jim Popovitch <jimpop@gmail.com>
To: nanog <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Wed, May 27, 2015 at 4:52 PM, Harald Koch <chk@pobox.com> wrote:
>
> Y'all are way too trusting ;)
Or we are much more comfortable with our knowledge. Six in one,....
> If I recall from a brief experiment yesterday, three of the four options on
> that page are variations on "I'd like to bypass 2-factor authentication".
> There is really no point in any of Google's fancy account security if I can
> bypass all of it using Google's Identity Verification process, especially
> if that process is based on PII that isn't terribly difficult to obtain.
I think you are overly simplifying a piece of a very large, very
complicated, highly dynamic, and daily reviewed, security pipeline.
Google's Account security is not a 1 man in the basement operation.
You tell me the Sender, time, last Received line, and byte size, of
all the emails I received on 1-Jan-2015 and I will give you $100 per
email.... or this thread can just die a miserable hypothetical death
that it deserves.
-Jim P.
