what happened to gmail.

Paul Mooring paul at getchef.com
Sun Aug 3 13:55:57 MST 2014


More importantly the code changes and is sent to your phone when you
request it (at log on).  There are a lot of practical reasons why this is
orders of magnitude better than a static code which amounts to another
password.  To understand why, think about how most web services end up
getting compromised.

- Most commonly a vulnerability is discovered in the web service (or
another web service where you used the same e-mail/password combo, so get a
password manager!).
- Given a database of users and password hashes, the attacker would attempt
to brute force or "guess" the password with automated software
  - If the password is in plain text (not hashed) in the web service's
database, it's already game over
  - If the hashed password doesn't use a salt
(http://en.wikipedia.org/wiki/Salt_%28cryptography%29), pre-computed rainbow
tables make getting the plain text password trivial
- Having discovered a username/password combo, the attacker would gain
access and generally try to use the same combination on other popular
services (gmail, facebook...)

With that process in mind, you could easily use the same account
credentials on a much smaller and less secure service than gmail and have
that service become your attack vector.  As you can imagine most people
have a whole lot of e-mail indicating nearly every online service they use,
and password re-use is rampant.  That means once you have your gmail
account compromised a cascading waterfall of sorrow can follow.

The takeaway from all this is, your important services should have unique
passwords *and* 2 factor auth.  If you need your phone to get in to gmail,
amazon, $BANK, ebay... then so does the attacker, meaning you have really
massive gains in terms of safety and peace of mind.



On Sat, Aug 2, 2014 at 12:30 AM, Stephen Partington <cryptworks at gmail.com>
wrote:

> 2 factor authentication adds a whole second layer to your login. So you
> need a code plus password to authenticate from an untrusted location. If
> you look under security settings you can get more details.
>  On Aug 2, 2014 12:26 AM, "Michael Havens" <bmike1 at gmail.com> wrote:
>
>> sorry for the delay.... I just got home from work.
>> I don't know what 2-factor auth is so I may have accidentally enabled it.
>> How do I check that? Why do you so highly recommend it, Stephen?
>>
>> As for the priority inbox/social media thing....  my primary inbox never
>> changed when google changed their page. My business email did change
>> though. It didn't affect me so I thought nothing of it
>>
>> :-)~MIKE~(-:
>>
>>
>> On Fri, Aug 1, 2014 at 2:55 PM, Eric Cope <eric.cope at gmail.com> wrote:
>>
>>> did you enable 2-factor auth?
>>>
>>> Eric
>>>
>>>
>>> On Fri, Aug 1, 2014 at 2:29 PM, Michael Torres <matorres124 at gmail.com>
>>> wrote:
>>>
>>>> Are you using Chrome? or FireFox?
>>>>
>>>> Strange thing happened to me where I could not view any of my messages
>>>> in FireFox anymore, so I have to access my gmail account in Chrome.
>>>>
>>>> Mike
>>>>
>>>>
>>>> On Fri, Aug 1, 2014 at 2:26 PM, Michael Havens <bmike1 at gmail.com>
>>>> wrote:
>>>>
>>>>> so it only happened to me then it seems.
>>>>>
>>>>> :-)~MIKE~(-:
>>>>>
>>>>>
>>>>> On Fri, Aug 1, 2014 at 2:24 PM, Stephen Partington <
>>>>> cryptworks at gmail.com> wrote:
>>>>>
>>>>>> no idea
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Aug 1, 2014 at 2:22 PM, Michael Havens <bmike1 at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> no. I only used web mail. I never could get pop to work.
>>>>>>>
>>>>>>> :-)~MIKE~(-:
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Aug 1, 2014 at 2:18 PM, Stephen Partington <
>>>>>>> cryptworks at gmail.com> wrote:
>>>>>>>
>>>>>>>> did you use a pop email client?
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Aug 1, 2014 at 2:05 PM, Michael Havens <bmike1 at gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> I opened it this morning and my inbox was empty. 4 years worth of
>>>>>>>>> stuff was just gone!
>>>>>>>>>  :-)~MIKE~(-:
>>>>>>>>>
>>>>>>>>> ---------------------------------------------------
>>>>>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> A mouse trap, placed on top of your alarm clock, will prevent you
>>>>>>>> from rolling over and going back to sleep after you hit the snooze button.
>>>>>>>>
>>>>>>>> Stephen
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> A mouse trap, placed on top of your alarm clock, will prevent you
>>>>>> from rolling over and going back to sleep after you hit the snooze button.
>>>>>>
>>>>>> Stephen
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>
>



-- 
Paul Mooring
Operations Engineer
Chef
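
Added example (not part of the original message or thread): the difference between unsalted and salted password storage described in the message above, from the point of view of someone auditing a user table. The user names, passwords, wordlist and the PBKDF2 iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: two users reuse the same weak password.
USERS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "T7#qv!Lm2x"}
COMMON = ["123456", "password", "sunshine1", "letmein"]  # constructed wordlist
ITERATIONS = 200_000  # illustrative work factor, an assumption

def unsalted(pw):
    """Weak storage: a single fast hash with no salt."""
    return hashlib.sha256(pw.encode()).hexdigest()

def salted_record(pw, salt=None):
    """Stronger storage: random per-user salt plus a slow KDF."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS)

def verify(pw, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, derived = record
    return hmac.compare_digest(salted_record(pw, salt)[1], derived)

def precomputed_hits(stored):
    """Users whose stored hex digest appears in a table built once, in advance."""
    table = {unsalted(p): p for p in COMMON}
    return {user: table[h] for user, h in stored.items() if h in table}

def demo():
    weak_db = {u: unsalted(p) for u, p in USERS.items()}
    strong_db = {u: salted_record(p) for u, p in USERS.items()}
    return {
        # One table lookup recovers every common password at once.
        "unsalted_hits": precomputed_hits(weak_db),
        # Identical passwords are visible as identical hashes.
        "unsalted_duplicates": weak_db["alice"] == weak_db["bob"],
        # The same table is useless against salted records.
        "salted_hits": precomputed_hits(
            {u: dk.hex() for u, (_, dk) in strong_db.items()}),
        "salted_duplicates": strong_db["alice"][1] == strong_db["bob"][1],
        "login_ok": verify("sunshine1", strong_db["alice"]),
        "login_bad": verify("sunshine2", strong_db["alice"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A salt only defeats precomputation; a weak password can still be guessed one record at a time, which is why the message also asks for unique passwords and 2 factor auth.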