
Re: google account say it will no longer deliver email



On Sat 14 May 2022 at 08:58:37 -0000, Curt wrote:

> On 2022-05-14, Ash Joubert <ash@transient.nz> wrote:
> > On 13/05/2022 12:23, Nicholas Geovanis wrote:
> >> That's the value added in exchange for Ash's "massive pain in the arse".
> >> Just making the 1st factor be
> >> a loong password is not equivalent to 2FA in any way. Machine reaching back
> >> to you is the difference.
> >
> > There are attacks that 2FA can defeat, especially things like password 
> > reset via compromised email server, but in general, two weak factors are 
> > not a match for a strong unique random password. In particular, it is 
> > not uncommon for sms/email/totp second factor to resolve to exactly the 
> > same device as the first factor, reducing 2FA to a single factor. 
> > Compromise such a user's phone and it is all over.
> 
> What about data breaches, and sites keeping your password
> in plain text (though it seems access to the cryptographically hashed
> passcodes is already a pretty good leg up)? What good is our entropy then?
> 
> https://en.wikipedia.org/wiki/List_of_data_breaches
> 
> https://arstechnica.com/information-technology/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

The time to brute force a hash depends on password entropy. The
second link is an interesting read, but I do not think everything
in a cracker's garden is rosy. One can only hope providers use
decent hashing techniques and keep data safe.

-- 
Brian.
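
Added example, not part of the original message or thread: a Python sketch of how brute-force time scales with password entropy and with the cost of the provider's hash. The sample password policies, the PBKDF2 iteration count and all function names are assumptions chosen for illustration.

```python
import hashlib, math, os, time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def entropy_bits(alphabet_size, length):
    """Entropy in bits of `length` symbols chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def expected_guesses(bits):
    """A brute-force search covers half the keyspace on average."""
    return 2 ** (bits - 1)

def fast_sha256(password, salt):
    """Single salted SHA-256: a fast hash, cheap to test guesses against."""
    return hashlib.sha256(salt + password).digest()

def slow_pbkdf2(password, salt, iterations=100_000):
    """PBKDF2-HMAC-SHA256; the iteration count is an assumed value."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)

def measure_rate(hash_fn, seconds=0.2):
    """Guesses per second for hash_fn on one core of this machine."""
    salt, count = os.urandom(16), 0
    start = time.perf_counter()
    while time.perf_counter() - start < seconds:
        hash_fn(b"candidate-%d" % count, salt)
        count += 1
    return count / (time.perf_counter() - start)

def years_to_crack(bits, guesses_per_second):
    """Expected years to brute force a password of the given entropy."""
    return expected_guesses(bits) / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    # Constructed sample password policies (not taken from the thread).
    samples = {
        "8 lowercase letters": entropy_bits(26, 8),
        "12 printable, no space": entropy_bits(94, 12),
        "6 Diceware words": entropy_bits(7776, 6),
    }
    rates = {"SHA-256": measure_rate(fast_sha256),
             "PBKDF2 x100k": measure_rate(slow_pbkdf2)}
    for label, bits in samples.items():
        for name, rate in rates.items():
            print(f"{label:24s} {bits:5.1f} bits  {name:13s} "
                  f"{years_to_crack(bits, rate):.3g} years")
```

The measured rates are for one CPU core under Python, and dedicated cracking hardware is far faster, so read the output as ratios between rows rather than as absolute times.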

