
Re: google account say it will no longer deliver email



On Sat, 14 May 2022 07:25:36 +0200
<tomas@tuxteam.de> wrote:

> On Sat, May 14, 2022 at 03:05:11PM +1200, Ash Joubert wrote:
> > On 14/05/2022 00:42, Michael Stone wrote:
> > > On Fri, May 13, 2022 at 07:16:11AM +0200, tomas@tuxteam.de wrote:
> > > > A loong password is not "equivalent" to 2FA, that's right. Good
> > > > password management (of which length is but a part) is as secure
> > > > as 2FA.
> > > 
> > > No, it really isn't.
> > 
> > A good password will not protect you from password reset via a weak channel
> > such as email on an insecure server.
> > 
> > 2FA will not protect you if the second factor is weak or resolves to the
> > same device. Hint: if you store your password and TOTP key in the same
> > manager then you have only one factor.
> 
> Not to speak of SIM spoofing or social engineering of your mobile phone
> provider (yes, it has been observed in the wild). There goes your SMS
> second factor.

Once again, it is well understood (although, bafflingly, often not by
those who should care, such as financial institutions) that SMS is a
terrible choice for 2FA. Hardware tokens, or at least authenticator
apps, are far better. (Although as others have pointed out in this
thread, if your auth app is stored together with your password, that
can eliminate some (but not all) of the benefits of 2FA.)

-- 
Celejar
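
Added example, not part of the original message or thread: a minimal RFC 6238 TOTP generator showing the point made above, that a TOTP code is a pure function of the stored key and the clock, so a vault holding both the password and the TOTP key is a single factor. The account record, the three stores and the function names are constructed for illustration; the key is the RFC 6238 test key.

```python
import base64, hashlib, hmac, struct

def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key, unix_time, step=30, digits=6):
    """RFC 6238: HOTP with counter = floor(time / step)."""
    return hotp(key, unix_time // step, digits)

# Constructed sample data. A real server would store a password hash.
RFC_KEY = b"12345678901234567890"
SERVER = {"password": "correct horse battery staple", "totp_key": RFC_KEY}

def server_login(password, code, now):
    """Server side: check the password and a code within +/- one time step."""
    pw_ok = hmac.compare_digest(password.encode(), SERVER["password"].encode())
    code_ok = any(
        hmac.compare_digest(code.encode(),
                            totp(SERVER["totp_key"], now + d * 30).encode())
        for d in (-1, 0, 1)
    )
    return pw_ok and code_ok

def login_from_store(store, now):
    """Try to log in using only what one storage location contains."""
    secret = store.get("totp_secret")
    code = totp(base64.b32decode(secret), now) if secret else ""
    return server_login(store.get("password", ""), code, now)

B32_KEY = base64.b32encode(RFC_KEY).decode()

# Password and TOTP key kept in the same manager entry.
COMBINED_VAULT = {"password": SERVER["password"], "totp_secret": B32_KEY}
# Factors kept apart: manager holds the password, a separate device the key.
PASSWORD_ONLY = {"password": SERVER["password"]}
TOKEN_ONLY = {"totp_secret": B32_KEY}

if __name__ == "__main__":
    now = 59  # fixed clock so the run is reproducible
    for name, store in [("combined vault", COMBINED_VAULT),
                        ("password manager only", PASSWORD_ONLY),
                        ("authenticator only", TOKEN_ONLY)]:
        print(f"{name:22s} alone is enough to log in: {login_from_store(store, now)}")
```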

