Google Enhances Gmail With New Security Features

Status
Not open for further replies.

xvegan

Distinguished
Mar 30, 2011
11
1
18,515
0
Is this the same google who was working with government entities to overthrow Assad in Syria? Oh boy do I really trust them.
 

DotNetMaster777

Honorable
Jan 22, 2016
204
4
10,685
0
HTTPS websites can be open! for instance using DROWN attack .... so if there is used man-in-the-middle + DROWN .... probably, hackers can read everything ???
 

Because some of them require you to use their own proprietary two-factor app, rather than a generic one like Authy or Google Authenticator.

Looking through my password library, I have a dozen financial and government accounts, five credit card accounts, about 20 shopping accounts, and about 40 membership type accounts (Netflix, UPS, my web host, etc). If every single one of them insisted I use their proprietary two-factor app, it would be insane. So I boycott the sites which won't let me use an app like Authy.
 

Haravikk

Honorable
Sep 14, 2013
317
0
10,790
1
Anyone worried about security really needs to get themselves a digital certificate capable of being used for e-mail encrypting and signing, you don't even really need to get one from a certificate authority, self-signed will do. All you need to do is then give the public part of the certificate to everyone you know so they can install it and begin sending encrypted messages to you; get them to create a certificate of their own and do the same and you can send end-to-end encrypted messages in both directions.

All modern mail clients support S/MIME and signing automatically, so once you've installed each other's certificates it's pretty painless, though you may need to renew them every now and then.

What we really need are more tools to make this easier. None of the mail clients bundled with an operating system seem to have tools for generating encryption/signing certificates built in which is a pretty big omission and makes things more difficult. It would even make sense if there were a way to persistently advertise the public key for an address; while this would let anyone send you encrypted messages, it wouldn't be likely to be used by spammers as they would need to individually encrypt every message that they currently indiscriminately send out in bulk.
 

newbcakes

Honorable
May 21, 2012
115
0
10,710
17
Keep in mind Google makes money from advertising. 2-factor auth requires you give them more information (which they can sell). While I'll agree that it's more secure, you must also keep in mind that the more information you give them the more it serves their agenda. It also puts your information in the hands of numerous others, from whom you're trying to protect that data, right?
 

Haravikk

Honorable
Sep 14, 2013
317
0
10,790
1
Two-factor authentication on its own doesn't require any sensitive information, as you can use the Google Authenticator app (or load the same key into Authy, which is available for more platforms as a Chrome app). The same seems to be true of these security keys; while you can use SMS if you like, there are other options.
 

dstarr3

Honorable
Mar 18, 2014
1,527
0
11,960
52


True. Let me add an asterisk to my statement clarifying that it shouldn't require a proprietary app.
 
Status
Not open for further replies.

ASK THE COMMUNITY