Google Enhances Gmail With New Security Features

[Lucian Armasu]

Google announced new security features for Gmail users, including a new standard for ensuring email encryption is more reliable, as well as a warning to targets of state-sponsored attacks to use two-factor authentication.

Google Enhances Gmail With New Security Features : Read more

 

[ZeusGamer]

Wow, the government really won't stop until they have every account that you've got huh?

 

[dstarr3]

If a website or service offers two-factor authentication, I can't fathom why you would not activate it.

 

[xvegan]

Is this the same google who was working with government entities to overthrow Assad in Syria? Oh boy do I really trust them.

 

[DotNetMaster777]

HTTPS websites can be open! for instance using DROWN attack .... so if there is used man-in-the-middle + DROWN .... probably, hackers can read everything ???

 

[Solandri]

If a website or service offers two-factor authentication, I can't fathom why you would not activate it.

Because some of them require you to use their own proprietary two-factor app, rather than a generic one like Authy or Google Authenticator.

Looking through my password library, I have a dozen financial and government accounts, five credit card accounts, about 20 shopping accounts, and about 40 membership type accounts (Netflix, UPS, my web host, etc). If every single one of them insisted I use their proprietary two-factor app, it would be insane. So I boycott the sites which won't let me use an app like Authy.

 

[Haravikk]

Anyone worried about security really needs to get themselves a digital certificate capable of being used for e-mail encrypting and signing, you don't even really need to get one from a certificate authority, self-signed will do. All you need to do is then give the public part of the certificate to everyone you know so they can install it and begin sending encrypted messages to you; get them to create a certificate of their own and do the same and you can send end-to-end encrypted messages in both directions.

All modern mail clients support S/MIME and signing automatically, so once you've installed each other's certificates it's pretty painless, though you may need to renew them every now and then.

What we really need are more tools to make this easier. None of the mail clients bundled with an operating system seem to have tools for generating encryption/signing certificates built in which is a pretty big omission and makes things more difficult. It would even make sense if there were a way to persistently advertise the public key for an address; while this would let anyone send you encrypted messages, it wouldn't be likely to be used by spammers as they would need to individually encrypt every message that they currently indiscriminately send out in bulk.

 

[newbcakes]

Keep in mind Google makes money from advertising. 2-factor auth requires you give them more information (which they can sell). While I'll agree that it's more secure, you must also keep in mind that the more information you give them the more it serves their agenda. It also puts your information in the hands of numerous others, from whom you're trying to protect that data, right?

 

[Haravikk]

Two-factor authentication on its own doesn't require any sensitive information, as you can use the Google Authenticator app (or load the same key into Authy, which is available for more platforms as a Chrome app). The same seems to be true of these security keys; while you can use SMS if you like, there are other options.

 

[dstarr3]

If a website or service offers two-factor authentication, I can't fathom why you would not activate it.

Because some of them require you to use their own proprietary two-factor app, rather than a generic one like Authy or Google Authenticator.

Looking through my password library, I have a dozen financial and government accounts, five credit card accounts, about 20 shopping accounts, and about 40 membership type accounts (Netflix, UPS, my web host, etc). If every single one of them insisted I use their proprietary two-factor app, it would be insane. So I boycott the sites which won't let me use an app like Authy.

True. Let me add an asterisk to my statement clarifying that it shouldn't require a proprietary app.