Re: google account say it will no longer deliver email

To: debian-user@lists.debian.org
Subject: Re: google account say it will no longer deliver email
From: Brian <ad44@cityscape.co.uk>
Date: Sat, 14 May 2022 14:02:36 +0100
Message-id: <[🔎] 14052022135013.ac7d52d2c6ed@desktop.copernicus.org.uk>
In-reply-to: <[🔎] slrnt7v6j9.1c0.curty@einstein.electron.org>
References: <[🔎] 11052022184915.da1551f4026c@desktop.copernicus.org.uk> <[🔎] CABC2iTp3yf=gfFOtrdC2B4ipXtNKivZ-x4zRnqY24h8Jdfjw-g@mail.gmail.com> <[🔎] slrnt7pn41.bb8.virgo.parna@dragon.ad.gaiasoft.ee> <[🔎] CABC2iTqxYpLTcQJZ5prvJkB2Nsab6ZhB54u9aMhTtfhdUtO40g@mail.gmail.com> <[🔎] d62f09f1-e725-2c5b-9c7f-d3ee15a59232@transient.nz> <[🔎] CAJmb-Yk6Z0k5X8LjDATDaBrgWqCbj-kZSic8jFW_0M5G60QLJA@mail.gmail.com> <[🔎] e066eeb3-0a73-a2d5-2637-849d9e9af4e5@transient.nz> <[🔎] slrnt7urpt.1c0.curty@einstein.electron.org> <[🔎] Yn90o6zXodQSTSgq@tuxteam.de> <[🔎] slrnt7v6j9.1c0.curty@einstein.electron.org>

On Sat 14 May 2022 at 12:02:49 -0000, Curt wrote:

> On 2022-05-14, <tomas@tuxteam.de> <tomas@tuxteam.de> wrote:
> >
> > On Sat, May 14, 2022 at 08:58:37AM -0000, Curt wrote:
> >
> > [...]
> >
> >> What about data breaches, and sites keeping your password
> >> in plain text (though it seems access to the cryptographically hashed
> >> passcodes is already a pretty good leg up)? What good is our entropy then?
> >
> > As stated elsewhere: unique passwords. Don't use a password you're using
> > elsewhere. Much less so with a site you don't trust.
> 
> As always, I'm very uncertain where your goal posts are placed or what
> tacit agenda you're following. No one has advocated the use of unique
> passwords. 
> 
> In my plausible scenario, you're password entropy counts for nothing.
> Your password, unique or otherwise, has been compromised. 2FA would
> prevent illegal entry to your account in this case. The subject we're
> addressing here is your assertion that 2FA adds no extra security. I
> have demonstrated that it does.

Preventing data breaches are outside the scope of the user, providing
a high entropy password is not. If accessing a  site is of importance
to him, then, in your plausible scenario, an eight character password
effectively gives little security.

That is not an argument for 2FA but for a user having a responsible
password policy to guard agains such breaches.

-- 
Brian.

Reply to:

Follow-Ups:
- Re: google account say it will no longer deliver email
  - From: David Wright <deblis@lionunicorn.co.uk>

References:
- Re: google account say it will no longer deliver email
  - From: Brian <ad44@cityscape.co.uk>
- Re: google account say it will no longer deliver email
  - From: Fero Dali <ferodali@gmail.com>
- Re: google account say it will no longer deliver email
  - From: Virgo Pärna <virgo.parna@mail.ee>
- Re: google account say it will no longer deliver email
  - From: Fero Dali <ferodali@gmail.com>
- Re: google account say it will no longer deliver email
  - From: Ash Joubert <ash@transient.nz>
- Re: google account say it will no longer deliver email
  - From: Nicholas Geovanis <nickgeovanis@gmail.com>
- Re: google account say it will no longer deliver email
  - From: Ash Joubert <ash@transient.nz>
- Re: google account say it will no longer deliver email
  - From: Curt <curty@free.fr>
- Re: google account say it will no longer deliver email
  - From: <tomas@tuxteam.de>
- Re: google account say it will no longer deliver email
  - From: Curt <curty@free.fr>

Prev by Date: Re: google account say it will no longer deliver email
Next by Date: Re: Editing the DNS with Network Manager Non Root
Previous by thread: Re: google account say it will no longer deliver email
Next by thread: Re: google account say it will no longer deliver email
Index(es):
- Date
- Thread