gmail security is a joke

• Previous message (by thread): gmail security is a joke
• Next message (by thread): gmail security is a joke
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Somewhat in the weeds here, but I still find it odd/curious that Google is
still using SHA-1 fingerprinted SSL certificates.

Weren't they making a big deal of pushing SHA-2 fingerprinted SSL certs a
while back?

On Wed, May 27, 2015 at 12:16 AM, Octavio Alvarez <octalnanog at alvarezp.org>
wrote:

> On 05/26/2015 08:44 AM, Owen DeLong wrote:
>
>> I think opt-out of password recovery choices on a line-item basis is
>> not a bad concept.
>>
>> For example, I’d want to opt out of recovery with account creation
>> date. If anyone knows the date my gmail account was created, they
>> most certainly aren’t me.
>>
>> OTOH, recovery by receiving a token at a previously registered
>> alternate email address seems relatively secure to me and I wouldn’t
>> want to opt out of that.
>>
>> (( many more snipped ))
>>
>
> I would definitely opt-out from any kind of "secret questions" that I
> couldn't type by myself.
>
> Many many sites still think this is a good idea.
>
> Best regards.
>



-- 
Blair Trosper p.g.a.
S2 Entertainment Partners
Desk:  469-333-8008
Cell:  512-619-8133
Agent/Rep:  WME (Los Angeles, CA) - 310-248-2000
PR/Manager:  BORG (Dallas, TX) - 844-THE-BORG

• Previous message (by thread): gmail security is a joke
• Next message (by thread): gmail security is a joke
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]