gmail security is a joke
blair.trosper at gmail.com
Thu May 28 19:09:39 UTC 2015
Somewhat in the weeds here, but I still find it odd/curious that Google is
still using SHA-1 fingerprinted SSL certificates.
Weren't they making a big deal of pushing SHA-2 fingerprinted SSL certs a
On Wed, May 27, 2015 at 12:16 AM, Octavio Alvarez <octalnanog at alvarezp.org>
> On 05/26/2015 08:44 AM, Owen DeLong wrote:
>> I think opt-out of password recovery choices on a line-item basis is
>> not a bad concept.
>> For example, I’d want to opt out of recovery with account creation
>> date. If anyone knows the date my gmail account was created, they
>> most certainly aren’t me.
>> OTOH, recovery by receiving a token at a previously registered
>> alternate email address seems relatively secure to me and I wouldn’t
>> want to opt out of that.
>> (( many more snipped ))
> I would definitely opt-out from any kind of "secret questions" that I
> couldn't type by myself.
> Many many sites still think this is a good idea.
> Best regards.
Blair Trosper p.g.a.
S2 Entertainment Partners
Agent/Rep: WME (Los Angeles, CA) - 310-248-2000
PR/Manager: BORG (Dallas, TX) - 844-THE-BORG
More information about the NANOG