gmail security is a joke

Rich Kulawiec rsk at gsp.org
Thu May 28 21:18:55 UTC 2015


On Thu, May 28, 2015 at 03:13:37PM -0400, William Herrin wrote:
> On Wed, May 27, 2015 at 1:16 AM, Octavio Alvarez
> <octalnanog at alvarezp.org> wrote:
> > I would definitely opt-out from any kind of "secret questions" that I
> > couldn't type by myself.
> >
> > Many many sites still think this is a good idea.
> 
> My first dog's name was a random and unpronounceable 30-character string.

I think this (Bill's) is a very good practice.  It's not that difficult
to enumerate the name of every pro sports team in the US, the 100 most
popular dog names, the 200 most common street names, etc.  This attack
can be mitigated by limiting attempts...but of course if that's done,
then it's possible for an attacker to lock out the real owner by just
hammering away constantly using assorted botnet hosts.

---rsk
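
An added illustration, not part of the original message: a small Python simulation of the trade-off described above, where a short list of likely answers is enumerable, a failure limit stops the enumeration but also locks out the real owner, and a random 30-character answer falls outside any such list. The class and function names, the five-failure limit, the letters-and-digits alphabet and the placeholder answer list are all assumptions constructed for this example.

```python
import math
import secrets
import string

# Constructed stand-in for a "100 most popular dog names" list.
COMMON_ANSWERS = [f"dogname{i:03d}" for i in range(100)]

class RecoveryCheck:
    """Secret-question check with an optional per-account failure limit."""

    def __init__(self, answer, max_failures=None):
        self.answer = answer
        self.max_failures = max_failures  # None means unlimited attempts
        self.failures = 0

    def attempt(self, guess):
        if self.max_failures is not None and self.failures >= self.max_failures:
            return "locked"  # applies to everyone, including the real owner
        if secrets.compare_digest(guess.encode(), self.answer.encode()):
            self.failures = 0
            return "ok"
        self.failures += 1
        return "wrong"

def run_guesses(check, guesses):
    """Submit guesses in order; return (last outcome, attempts submitted)."""
    outcome, count = "wrong", 0
    for count, guess in enumerate(guesses, 1):
        outcome = check.attempt(guess)
        if outcome != "wrong":
            break
    return outcome, count

def random_answer(length=30):
    """Random answer; the letters-and-digits alphabet is an assumption."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def answer_bits(alphabet_size, length=1):
    """Bits of entropy for a uniform choice from alphabet_size**length values."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    real = COMMON_ANSWERS[73]
    print(run_guesses(RecoveryCheck(real), COMMON_ANSWERS))  # no limit
    limited = RecoveryCheck(real, max_failures=5)
    print(run_guesses(limited, COMMON_ANSWERS), limited.attempt(real))
    print(run_guesses(RecoveryCheck(random_answer()), COMMON_ANSWERS))
    print(round(answer_bits(100), 1), round(answer_bits(62, 30), 1))
```

The second printed line is the lockout case: once the limit is reached, the correct answer is refused as well.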


