[180226] in North American Network Operators' Group
Re: gmail security is a joke
daemon@ATHENA.MIT.EDU (Octavio Alvarez)
Thu May 28 14:57:11 2015
X-Original-To: nanog@nanog.org
Date: Tue, 26 May 2015 22:16:01 -0700
From: Octavio Alvarez <octalnanog@alvarezp.org>
To: Owen DeLong <owen@delong.com>, Saku Ytti <saku@ytti.fi>
In-Reply-To: <312D54C4-EC72-4A3F-87FC-357AFA61D04A@delong.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On 05/26/2015 08:44 AM, Owen DeLong wrote:
> I think opt-out of password recovery choices on a line-item basis is
> not a bad concept.
>
> For example, I’d want to opt out of recovery with account creation
> date. If anyone knows the date my gmail account was created, they
> most certainly aren’t me.
>
> OTOH, recovery by receiving a token at a previously registered
> alternate email address seems relatively secure to me and I wouldn’t
> want to opt out of that.
>
> (( many more snipped ))
I would definitely opt-out from any kind of "secret questions" that I
couldn't type by myself.
Many many sites still think this is a good idea.
Best regards.
