gmail security is a joke
rsk at gsp.org
Thu May 28 21:18:55 UTC 2015
On Thu, May 28, 2015 at 03:13:37PM -0400, William Herrin wrote:
> On Wed, May 27, 2015 at 1:16 AM, Octavio Alvarez
> <octalnanog at alvarezp.org> wrote:
> > I would definitely opt-out from any kind of "secret questions" that I
> > couldn't type by myself.
> > Many many sites still think this is a good idea.
> My first dog's name was a random and unpronounceable 30-character string.
I think this (Bill's) is a very good practice. It's not that difficult
to enumerate the name of every pro sports team in the US, the 100 most
popular dog names, the 200 most common street names, etc. This attack
can be mitigated by limiting attempts...but of course if that's done,
then it's possible for an attacker to lock out the real owner by just
hammering away constantly using assorted botnet hosts.
More information about the NANOG