Re: google account say it will no longer deliver email



On 2022-05-14, Ash Joubert <ash@transient.nz> wrote:
> On 13/05/2022 12:23, Nicholas Geovanis wrote:
>> That's the value added in exchange for Ash's "massive pain in the arse".
>> Just making the 1st factor be
>> a loong password is not equivalent to 2FA in any way. Machine reaching back
>> to you is the difference.
>
> There are attacks that 2FA can defeat, especially things like password 
> reset via compromised email server, but in general, two weak factors are 
> not a match for a strong unique random password. In particular, it is 
> not uncommon for sms/email/totp second factor to resolve to exactly the 
> same device as the first factor, reducing 2FA to a single factor. 
> Compromise such a user's phone and it is all over.

What about data breaches, and sites keeping your password
in plain text (though it seems access to the cryptographically hashed
passcodes is already a pretty good leg up)? What good is our entropy then?

https://en.wikipedia.org/wiki/List_of_data_breaches

https://arstechnica.com/information-technology/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

