Re: google account say it will no longer deliver email

To: debian-user@lists.debian.org
Subject: Re: google account say it will no longer deliver email
From: Kamil Jońca <kjonca@o2.pl>
Date: Fri, 13 May 2022 20:01:20 +0200
Message-id: <[🔎] 87mtfll3bj.fsf@alfa.kjonca>
In-reply-to: <EmHgZ-ffzB-3@gated-at.bofh.it> (Brian's message of "Fri, 13 May 2022 19:30:01 +0200")
References: <ElUzD-eLCT-11@gated-at.bofh.it> <ElYMV-eNZO-1@gated-at.bofh.it> <ElYWC-eOix-23@gated-at.bofh.it> <EmdVD-eXh0-1@gated-at.bofh.it> <Emh3b-eZ4l-3@gated-at.bofh.it> <Emq6t-f4B2-3@gated-at.bofh.it> <EmrlT-f5ft-3@gated-at.bofh.it> <EmvSx-f89O-3@gated-at.bofh.it> <EmCU2-fcXE-1@gated-at.bofh.it> <EmHgZ-ffzB-3@gated-at.bofh.it>

Brian <ad44@cityscape.co.uk> writes:

> On Fri 13 May 2022 at 08:42:21 -0400, Michael Stone wrote:
>
>> On Fri, May 13, 2022 at 07:16:11AM +0200, tomas@tuxteam.de wrote:
>> > A loong password is not "equivalent" to 2FA, that's right. Good
>> > password management (of which length is but a part) is as secure
>> > as 2FA.
>> 
>> No, it really isn't.
>
> How does a 40 random character, high entropy sound for Google? Good
> enough to go up against 2FA? Avoiding the tedium and inconveniece,
> of course.

Think about leaks.
Password can be stolen, while with 2fa you have to take control over two
factors.

Saying that IMO "app paswords" (maybe with time validity)  are good
compromise between security and convenience.
And I do not like oauth2 in its current incarnation.
KJ

-- 
http://wolnelektury.pl/wesprzyj/teraz/

Reply to:

Follow-Ups:
- Re: google account say it will no longer deliver email
  - From: Brian <ad44@cityscape.co.uk>

Prev by Date: Re: google account say it will no longer deliver email
Next by Date: Re: google account say it will no longer deliver email
Previous by thread: Re: google account say it will no longer deliver email
Next by thread: Re: google account say it will no longer deliver email
Index(es):
- Date
- Thread