On 5/27/2015 03:17, Valdis.Kletnieks@vt.edu wrote:
On Wed, 27 May 2015 09:13:47 +0530, Anil Kumar said:
that link, since I have two-step verification set up, I was presented with a demand for a number provided by the Google Authenticator app on my phone. I provided that number and only then was I allowed to reset the password.
And you have to pre-register the phone number.
Sounds about as secure as you're going to get when trying to scale to 10 digits of users....
And as I said earlier - if your threat model involves needing more security than that, you have bigger problems.. :)
As they say, I no longer have a dog in this fight beyond myself and to an extent (advisory capacity) my wife, but I have been having trouble understanding the concept of organizations ("network operators") with large and legitimate concerns for security issues, using gmail. -- sed quis custodiet ipsos custodes? (Juvenal)
participants (1)
-
Larry Sheldon