On (2015-05-26 16:26 +0200), Markus wrote: Hey,
Did you know that anyone, anywhere in the world can get into a gmail account merely by knowing its creation date (month and year is sufficient) and the
Without any comment on what gmail is or is not doing, the topic interests me. How should recovery be done in a scalable manner? Almost invariably, when the accounts were initially created there was no strong authentication used, so how would it be possible, even in theory, to reauthenticate strongly after the password was lost? One solution is that you can opt out from any password recovery process, which also would mean opting in for deletion of dormant accounts (no login for 2 years, candidate for deletion?). I personally would opt in for this in every service I have. I recall gandi allows you to disable password recovery. Perhaps some people would trust it if they could opt in for reauthentication via some legal entity procuring such services. Then during account creation, you'd need to go through the same authentication phase, perhaps tied to a national ID or comparable. This might be reasonable; most people probably already trust one of these for much more important authentication than email, but supporting all of them globally seems like a very expensive proposal.
--
++ytti