BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Cutting the phone line

Subject: [Discuss] Cutting the phone line
From: richb at pioneer.ci.net (Rich Braun)
Date: Sun, 29 Jul 2012 18:16:34 -0700
In-reply-to: <20120729153650.8396431b8822a24f0d8f8d02@borg.org>
References: <mailman.5.1343491204.18650.discuss@blu.org> <801F488E-F6B1-40FB-AC14-0A6A123B7390@pioneer.ci.net> <20120729153650.8396431b8822a24f0d8f8d02@borg.org>

Actually, Google is by far the best free public site in terms of authentication technology. They provide 2-factor auth in a couple different ways (RSA in a mobile app, plus a fairly cool text-back method). So a big leak of hashed pws from a Google back end wouldn't compromise your accounts as badly as at other sites, and they manage to keep various services separate. (A burglar who takes your VoIP box might get into your voicemail but can't get your email, etc.)

Read about it, there's quite an interesting amount of innovation the past 2-3 years in this area at Google. What's also amazing is how well they avoid the lockout problem I run into at work and various other sites: I've never had to press the forgot-password button there.

-rich

Sent from my mobile

On Jul 29, 2012, at 12:36, Kent Borg <kentborg at borg.org> wrote:

> On Sun, 29 Jul 2012 10:40:13 -0700
> Rich Braun <richb at pioneer.ci.net> wrote: 
>> The Obi110 box is capable of a lot of things I've yet to figure out. 
>> I just use it in its default settings. You plug it into your LAN switch, 
>> plug a phone's RJ11 cord into it, go to the obitalk site and enter the 
>> unit's serial number. Then enter your gmail account credentials. Done.
> 
> Sounds cool.
> 
> But I get worried again.  You know how each time there is a security breach and someone posts thousands of login credentials, complete with unencrypted passwords, we all tsk-tsk and shake our heads wondering how those programmers could be so silly?
> 
> Well, if you expect some third party to login to Google on your behalf, what choice do they have?  Unless Google implements some special on-my-behalf feature for this case (they kinda do for gmail), your password is sitting on some disk, and that disk's backups, in the clear.
> 
> If you only use your Google credentials for Google Voice, or keep a separate account for Voice, whatever parts of your life that you have let Google have, can leak through another hole, a hole that is hard to secure.
> 
> -kb
> 
> -- 
> Kent Borg <kentborg at borg.org>

References:
- [Discuss] Cutting the phone line
  - From: richb at pioneer.ci.net (Rich Braun)
- [Discuss] Cutting the phone line
  - From: kentborg at borg.org (Kent Borg)

Prev by Date: [Discuss] Cutting the phone line
Next by Date: [Discuss] Cutting the phone line
Previous by thread: [Discuss] Cutting the phone line
Next by thread: [Discuss] Cutting the phone line
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org