[180228] in North American Network Operators' Group
Re: gmail security is a joke
daemon@ATHENA.MIT.EDU (Blair Trosper)
Thu May 28 15:11:40 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <55655311.3020403@alvarezp.org>
Date: Thu, 28 May 2015 14:09:39 -0500
From: Blair Trosper <blair.trosper@gmail.com>
To: Octavio Alvarez <octalnanog@alvarezp.org>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Somewhat in the weeds here, but I still find it odd/curious that Google is
still using SHA-1 fingerprinted SSL certificates.
Weren't they making a big deal of pushing SHA-2 fingerprinted SSL certs a
while back?
On Wed, May 27, 2015 at 12:16 AM, Octavio Alvarez <octalnanog@alvarezp.org>
wrote:
> On 05/26/2015 08:44 AM, Owen DeLong wrote:
>
>> I think opt-out of password recovery choices on a line-item basis is
>> not a bad concept.
>>
>> For example, I=E2=80=99d want to opt out of recovery with account creati=
on
>> date. If anyone knows the date my gmail account was created, they
>> most certainly aren=E2=80=99t me.
>>
>> OTOH, recovery by receiving a token at a previously registered
>> alternate email address seems relatively secure to me and I wouldn=E2=80=
=99t
>> want to opt out of that.
>>
>> (( many more snipped ))
>>
>
> I would definitely opt-out from any kind of "secret questions" that I
> couldn't type by myself.
>
> Many many sites still think this is a good idea.
>
> Best regards.
>
--=20
Blair Trosper p.g.a.
S2 Entertainment Partners
Desk: 469-333-8008
Cell: 512-619-8133
Agent/Rep: WME (Los Angeles, CA) - 310-248-2000
PR/Manager: BORG (Dallas, TX) - 844-THE-BORG
