gmail security is a joke

Larry Sheldon larrysheldon at
Wed May 27 08:39:33 UTC 2015

On 5/27/2015 03:17, Valdis.Kletnieks at wrote:
> On Wed, 27 May 2015 09:13:47 +0530, Anil Kumar said:
>> that link, since I have two-step verification set up, I was presented
>> with a demand for a number provided by the Google Authenticator
>> app on my phone. I provided that number and only then was I allowed
>> to reset the password.
> And you have to pre-register the phone number.
> Sounds about as secure as you're going to get when trying to scale to 10
> digits of users....
> And as I said earlier - if your threat model involves needing more security
> than that, you have bigger problems.. :)

As they say, I no longer have a dog in this fight beyond myself and to 
an extent (advisory capacity) my wife, but I have been having trouble 
understanding the concept of organizations ("network operators") with 
large and legitimate concerns for security issues, using gmail.

sed quis custodiet ipsos custodes? (Juvenal)

More information about the NANOG mailing list