gmail security is a joke
saku at ytti.fi
Tue May 26 16:11:51 UTC 2015
On (2015-05-26 17:44 +0200), Owen DeLong wrote:
> I think opt-out of password recovery choices on a line-item basis is not a bad concept.
This sounds reasonable. At least then you could decide which balance of
risk/convenience fits their use-case for given service.
> OTOH, recovery by receiving a token at a previously registered alternate email address
> seems relatively secure to me and I wouldn???t want to opt out of that.
It's probably machine sent in seconds or minute after request, so doing
short-lived BGP hijack of MX might be reasonably easy way to get the email.
> Recovery by SMS to a previously registered phone likewise seems reasonably secure
> and I wouldn???t want to opt out of that, either.
I have tens of coworkers who could read my SMS.
> Really, you don???t need to strongly authenticate a particular person for these accounts.
> You need, instead, to authenticate that the person attempting recovery is reasonably
> likely to be the person who set up the account originally, whether or not they are who
> they claimed to be at that time.
As long as user has the power to choose which risks are worth carrying, I
think it's fine.
For my examples, I wouldn't care about email/SMS risk if it's
linkedin/twitter/facebook account. But if it's my domain hoster, I probably
wouldn't want to carry either risk, as the whole deck of cards collapses if
you control my domains (all email recoveries compromised)
More information about the NANOG