gmail security is a joke

Markus universe at truemetal.org
Tue May 26 14:26:38 UTC 2015


Did you know that anyone, anywhere in the world can get into a gmail 
account merely by knowing its creation date (month and year is 
sufficient) and the last login date (try "today")? What a joke.

Try it yourself, it's "fun".

Even worse, once the attacker has had control of your account, and you 
reset the PW and then enable 2-factor-authentication, he will always 
come back because it is sufficient for him to know one of the last 
passwords to reset it again. This will totally work around 
2-factor-authentication and allow him to remove/change recovery E-Mail 
+ phone + turn off 2FA. There's no way to get rid of him.

What a mess!

I have a gmail account that mostly sends mail and barely receives any. 
This is probably why it works so damn easily. Otherwise the PW recovery 
process will ask you for the E-Mail addresses of people that you have 
received mail from in the past. But even this can easily be 
guessed/researched.


