gmail security is a joke
octalnanog at alvarezp.org
Wed May 27 05:16:01 UTC 2015
On 05/26/2015 08:44 AM, Owen DeLong wrote:
> I think opt-out of password recovery choices on a line-item basis is
> not a bad concept.
> For example, I’d want to opt out of recovery with account creation
> date. If anyone knows the date my gmail account was created, they
> most certainly aren’t me.
> OTOH, recovery by receiving a token at a previously registered
> alternate email address seems relatively secure to me and I wouldn’t
> want to opt out of that.
> (( many more snipped ))
I would definitely opt-out from any kind of "secret questions" that I
couldn't type by myself.
Many many sites still think this is a good idea.
More information about the NANOG