gmail security is a joke

Rafael Possamai rafael at
Wed May 27 13:27:18 UTC 2015

You can also register a U2F key.

On Wed, May 27, 2015 at 3:17 AM, <Valdis.Kletnieks at> wrote:

> On Wed, 27 May 2015 09:13:47 +0530, Anil Kumar said:
> > that link, since I have two-step verification set up, I was presented
> > with a demand for a number provided by the Google Authenticator
> > app on my phone. I provided that number and only then was I allowed
> > to reset the password.
> And you have to pre-register the phone number.
> Sounds about as secure as you're going to get when trying to scale to 10
> digits of users....
> And as I said earlier - if your threat model involves needing more security
> than that, you have bigger problems.. :)

More information about the NANOG mailing list