'Google Just Made Gmail the Most Secure Email Provider on the Planet' (vice.com) 197
Google announced on Tuesday that it would offer stronger online security for "high risk" users who may be frequent targets of online attacks. The company said anyone with a personal Google account can enroll in the new "advanced protection," while noting that it will require users to "trade off a bit of convenience" for extra security. Motherboard reports: The main advantage in terms of security is the need for a key or token to log in as the second factor, instead of a code sent via SMS or via app. This is much better because there's no way for hackers to steal or phish this key from afar (there have been isolated incidents of hackers using social engineering to gain access to someone's cell phone number by getting the provider to issue a new SIM card, for instance). Thanks to these new features, Gmail is now the most secure email provider available on the internet if you are worried about hackers breaking into your private correspondence. "This is a major step in the right direction in offering the same kind of protection available to high-profile figures to everyday people," Kenneth White, a Washington D.C. based security consultant to federal agencies, told Motherboard. "They have really thought this through, and while it may not make sense for everyone, for those that need it, it's a much needed option."
It's the same tool my identity theft plan uses (Score:4, Interesting)
I specify that Congress should make broad legislation allowing a regulatory agency to select the most-appropriate, affordable, and effective technology of today; and today, that is the FIDO U2F Security key with RSA or ECC encryption. That's how I'm going to defeat identity theft once and for all [johnmoserforcongress.com].
Re: It's the same tool my identity theft plan uses (Score:2, Insightful)
Doesnâ(TM)t matter. Their keys are used by other providers already. A friend of mine uses Auth-Anvil as a two-factor for his service which includes email access.
The most secure system is to host it yourself, and encrypt the contents with a key you only have access to.
Re: It's the same tool my identity theft plan uses (Score:5, Funny)
"Is that you Hillary?"
Sorry, my jokes are 6 months behind, I meant,"Is that you Jared?" [nypost.com]
Client-side encryption system: Which one? (Score:2)
I haven't found a client-side encryption system that is easy to install, or one that gives me confidence in its design.
Advice? We need it for ourselves and we support many people who use the Windows OS.
What do you recommend? (Score:2)
What do you recommend for some other OS, such as Linux or BSD?
Re:It's the same tool my identity theft plan uses (Score:5, Interesting)
How about FIDO U2F and the Google Authenticator ( RFC 6238 and RFC 4226)? The six digit TOTP code has been proven across many, many sites (I use it on Microsoft's, Amazon's, gmail's, and many others.)
What would be nice would be a dedicated PDA-like device with a camera for reading QR codes, a touch screen for inputting codes by hand, a charge-only USB interface, and a SD card interface for backing up the OTP seeds. The device never sees, nor cares about the Internet, and is only connected to a USB cable to get power.
The closest to this we have now is an iPod Touch.
Re: (Score:2)
The U2F system stores a private encryption key generated on the device only on the device itself. The 6-digit TOTP code is stored at both endpoints.
If you hack Equifax and they identify people by TOTP, you have all the TOTP keys and can pretend to be anyone. If they identify people by U2F, you have to modify the public keys Equifax uses to identify people--which means they can no longer identify themselves (it's noisy). If you don't perform that modification, you don't get any information with which to
Re: (Score:2)
TOTP can be defeated by man in the middle attacks too.
Those U2F modules will check the certificates of the place you're connecting to and negotiate directly your auth request.
Re: (Score:2)
Agreed. Because it is a shared secret and MITM-able if the SSL link is not present, it isn't perfect. However, it is far better than 99.99% of what is out there. The ideal is definitely the U2F token, but oftentimes, one may not be at a place where they can plug that in.
They did. The agency requires MD5 (SHA256 not ok) (Score:3)
> I specify that Congress should make broad legislation allowing a regulatory agency to select the most-appropriate, affordable, and effective technology of today;
They did. The federal government requires MD5. SHA256 is not acceptable for many federal uses (though it is now FIPS), because they haven't updated the relevant federal standards. Our system of government was designed to be fair, transparent, and flexible. It was not designed to be fast and efficient.
Re: (Score:2)
Congress is even slower than regulatory boards.
SHA256 is not an identification protocol.
I want even less security (Score:3, Insightful)
somehow I wish the reverse, I hate it google block me access to their web site everytime I change my location, I would like to somehow turn off whatever they had till now. As a user want to have the choice to access my email account as it fits to me, from whenever I want to, is missing with Google.
Re: (Score:2)
Use IMAP or POP and a real mail client. Don't use the web interface.
Or use a 3rd party web interface that backends via IMAP or POP.
Re: (Score:2)
If a web interface is properly secured and you haven't completely disabled your browser's security settings, why would it be any less secure than IMAP or POP?
Re: (Score:2)
GP doesn't want to need to log in every time. I was suggesting a couple of ways to do that. You could argue (I would not) that not having to log in every week or two or every time you move locations is less secure. Whatever.
I was just suggesting ways they would not have to re-log-in.
For a given value of secure (Score:4, Insightful)
Is it secure from Google?
Re: (Score:3)
If they can still centrally read all GMail, then so can anyone else (with a large enough budget).
Or anyone with a secret court order or national security letter.
That doesn't just include the government, but any individual working for the government in a position to gain such access, as well as anyone who controls such a person. And anyone who works in a position of trust in Google, and anyone who controls such a person.
And anyone who has breached either Google's or the government's security.
The front door is the least of the worries here.
good for some, not for others (Score:3)
Some things just need "good enough" security and the likelihood that anyone cares enough to hack them is a risk you accept for the practical real-world usability of the thing.
Chrome only... (Score:5, Insightful)
I skimmed Google's write-up of their new offering, and was seriously considering looking into this. I bear no delusions of self-grandeur, or that anyone would have any reason to be interested in sorting through all the confirmation e-mails for the coffee I buy off Amazon; but I do have some key data tied up in the Googleverse, and the cost of an extra keyfob would not exactly break the bank. However, then I came to this:
Google services on the web
You will only be able to use the Chrome browser to access signed-in services like Gmail or Photos.
That breaks the deal for me, since I don't use Chrome, and it would not be convenient for me, for a few reasons. I can't really think of any valid technical reason why this results in any actual security, unless Chrome pins Google's CA; but the same thing can be done in any other browser too.
Re:Chrome only... (Score:5, Informative)
No one else supports the FIDO U2F security key standard in their browser. FireFox should be getting around to it anytime now, and I believe that Opera does. But that's probably why: the valid technical reason is that no one else supports the security standard.
Re: (Score:3)
This also is a deal-breaker for me, since I use a program called Boxcryptor with Google Drive and other cloud services. I like packing my own parachute and having my own encryption layer.
They did? (Score:5, Insightful)
So they're now encrypting all the emails being stored on their servers and don't hold the key themselves?
Because if they're not doing that, then they're not anything close to "the most secure email provider on the planet".
Re: (Score:3)
Re: (Score:2)
Not just that, but everything requires Google's apps (Chrome, Gmail, etc.), which requires you to let Google track you.
You can use Gmail without any of Google's apps.
Re: (Score:2)
Re: (Score:2)
You can't use this the dongle described in the post without Google's apps.
Hmm. Probably true... though not certainly true. As I understand it, the protocols are open and standardized, so it should be possible to write, say, a Thunderbird plugin to do it.
Re: (Score:2)
No provider can encrypt all the e-mails stored on their server without holding the key themselves. End-to-end means it's encrypted at the end.
Re: (Score:2)
That's not true, it's done all the time. That's the main benefit of public key encryption: the key you use to encrypt and the key you use to decrypt are two different things. The provider holds the public key and uses that to encrypt. It doesn't hold the private key that is required to decrypt.
Re: (Score:2)
How do you know the provider isn't storing a journal of pre-encrypted e-mails?
How do you know the provider hasn't received a National Security Letter forbidding them to tell anyone that they've been ordered to store the plain-text e-mails for you before encryption?
Your point is valid--they can do a one-way encryption--but it only raises further concerns. Fifty points to Ravenclaw, anyway; nice catch.
Re: (Score:2)
How do you know the provider isn't storing a journal of pre-encrypted e-mails?
How do you know the provider hasn't received a National Security Letter forbidding them to tell anyone that they've been ordered to store the plain-text e-mails for you before encryption?
You don't, obviously -- but if you need that level of security, then you shouldn't be using this sort of email provider. What encrypting the data at rest gets you is protection against attackers that may have gained access to the mailserver's database. It doesn't protect you against a malicious or incompetent service provider, and it certainly doesn't protect you against governmental attention.
Still, it would be stronger protection against non-governmental attackers than what they're doing.
Re: (Score:2)
"Secure" is a word that is meaningless without a threat model.
Not meaningless, but your point is solid. In the absence of specifying a threat model, I take "secure" as meaning "nobody can access the data without my permission".
Also, it's worth noting that you probably don't actually want the thing you're asking for.
Oh yes I do. I go to a fair bit of effort right now to make sure I have it.
Key management is hard.
It's not hard, exactly, but it does take ongoing attention.
You need to use another email client and use S/MIME or PGP mail.
Or, even easier, use a mail provider that offers end-to-end encryption. That doesn't cover email in transit, but it does cover email at rest.
Re: (Score:2)
Oh, and I forgot the most important part:
None of what you say changes the fact that this change in no way makes GMail "the most secure email provider on the planet".
Re: (Score:2)
Oh, and I forgot the most important part:
None of what you say changes the fact that this change in no way makes GMail "the most secure email provider on the planet".
A claim that I'm fairly certain Google never made.
Re: (Score:2)
I didn't think Google said it. It's press hyperbole.
Re: (Score:2)
Or, even easier, use a mail provider that offers end-to-end encryption. That doesn't cover email in transit, but it does cover email at rest.
But still means that you trust your mail provider not to look at your email... because it arrives in plaintext. And that's only one of the problems. What provider do you use?
Re: (Score:2)
But still means that you trust your mail provider not to look at your email... because it arrives in plaintext. And that's only one of the problems.
Yes, that's why it's an incomplete solution -- but better than what Google is offering here. If the mail is encrypted at rest, that eliminates quite a lot of risk.
What provider do you use?
I run my own mailserver, but I do know there are multiple viable options if you want a third party solution.
Re: (Score:2)
But still means that you trust your mail provider not to look at your email... because it arrives in plaintext. And that's only one of the problems.
Yes, that's why it's an incomplete solution -- but better than what Google is offering here. If the mail is encrypted at rest, that eliminates quite a lot of risk.
Well, Google does encrypt your email (and everything else) at rest. Fundamentally, though, either you trust your email provider not to read your email or you encrypt everything before it gets to them.
What provider do you use?
I run my own mailserver, but I do know there are multiple viable options if you want a third party solution.
The reason I asked is because I wanted to point out all the ways in which those third-party solutions don't meet your requirements. :-)
Running your own mail server does, assuming you can secure it adequately, which is much harder than it appears. In particular, there is no way that your mail server has anythi
Re: (Score:2)
Well, Google does encrypt your email (and everything else) at rest.
...which was half of my original question. That's good news, and I'm happy to get an answer! Particularly from someone who actually works for Google.
Fundamentally, though, either you trust your email provider not to read your email or you encrypt everything before it gets to them.
This is true. Not only your email provider, but the email provider at the other end of the communication (and every server in between, if the mail was relayed). The fact remains that sending an email is analogous to sending a postcard through the postal service in terms of security while in transit.
In my view, the larger security risk is when the email is store
Re: (Score:2)
Also true, but not as important. If people have gained access to my home, the security of my email is perhaps the least of my security problems.
Maybe... looking only at money, I have a lot more of it in my bank and brokerage accounts than is in movable form in my house (the house itself is worth more, but hard to steal), and compromising my email would probably net a clever attacker access to that money. I should mention that my personal email account is on a personal domain hosted by Google, i.e. Gmail. I use hardware tokens for authentication most of the time, though I do also have the Authenticator app set up. SMS auth is turned *off*.
Regardin
Re: (Score:2)
compromising my email would probably net a clever attacker access to that money.
This made me do a quick mental inventory -- I don't think I have any emails that would give attackers enough information to drain my accounts -- but my email archives go back nearly two decades, so I can't be sure.
In any case, they're all encrypted, and my private key does not exist on any of my servers. Plus, between the whole disk encryption and the email storage encryption, if the server is rebooted, they'd need to crack two layers of encryption. Not a guarantee, of course, but I consider it adequate.
I s
Re: (Score:2)
Very nice comment!
I would argue that E2Email can, in the future, allow users to dynamically interact with email recipients that both use and don't use E2Email themselves (obviously, with those who don't use it, communication will not be encrypted). It just needs access to a service that, when queried with a recipient, will state if recipient is using it or not. Something like Signal or Whatsapp do with phone numbers.
Of course this brings other problems to the table, being a centralized service, like imperso
Re: (Score:2)
Of course this brings other problems to the table, being a centralized service, like impersonating the service, or worse, impersonating recipients to that service in order to flag them as encryption-using thus preventing data decription of messages on their end.
Also, loss of your decryption keys, rendering all of your email inaccessible forever.
Re: They did? (Score:2)
The barrier to entry for using PKI is pretty high for your average human. Not only do you have to get people using the same (or compatible) tools but they have to understand the setup. I actually joined my current company because they had a product that solved that. (Shameless plug: virtru) The only way to get normal people using crypto is to make it trivial. You may have to make some small sacrifices to get there but the end result is a better place.
Re:They did? (Score:5, Informative)
Mod parent up.
Without encryption on server and with law enforcement having backdoor access to Gmail, etc., this is meaningless.
Actually, Google does encrypt all of the email (and all other user data) on its servers, and even in-transit between servers in Google data centers, as well as in-transit between Google servers and your browser and (if supported by the other end) in transit between Google servers and non-Google email servers. Google encrypts all the things, all the time.
Oh, and law enforcement does not have "backdoor access", at least not the way that I would interpret the phrase. What law enforcement does have is search warrants, subpoenas and national security letters (though NSLs provide access to metadata only, not content -- not that metadata isn't very valuable). If law enforcement or other authorized agents of the courts present a valid and duly authorized document which legally compels Google to hand over your data, Google will hand over your data. If it's not correctly executed, is overly broad or has some other legal defect, Google will refuse.
If you don't like that warrants, subpoenas and NSLs can be used to access your data, either move it to a jurisdiction not subject to such rules, or take it up with your political representatives. Or switch from email to a communication protocol that was designed with end-to-end security in mind, with all of the limitations that entails (mostly, that you will have a hard time keeping old messages for a long time... and if it's really easy to use, chances are god that implies there is some entity playing a trusted role which could defeat the security).
Hoops (Score:3, Interesting)
Oh, and law enforcement does not have "backdoor access", at least not the way that I would interpret the phrase.
And you have what evidence for this? Unless you actually work at Google in a fairly technically privileged position you would have no way to know if they do or do not have backdoor access under any definition of the term you care to use. You would have to be daft to presume that organizations like the NSA or law enforcement agencies don't have or cannot get access to your communications with or without Google's permission. While you are correct that in general they would need to jump through hoops, there
Re: (Score:2)
And you have what evidence for this? Unless you actually work at Google in a fairly technically privileged position you would have no way to know if they do or do not have backdoor access under any definition of the term you care to use.
I actually laughed at this, given that swillden really does work for Google.
Re: (Score:2, Informative)
And you have what evidence for this? Unless you actually work at Google in a fairly technically privileged position you would have no way to know if they do or do not have backdoor access under any definition of the term you care to use.
I do work for Google, in security. And I don't have to be in a "privileged" position to know that. The internal architecture is such that providing such a backdoor would require willing collusion by multiple teams, and I know many of the people who would have to be involved. (Aside: I really, really wish that Google would publish details of its internal architecture for securing user data and controlling and auditing access to it. It is really good, innovative and beautifully paranoid. Far better than anyth
Re: (Score:2)
Too bad that Google openly brags about providing (AKA selling) this so called "encrypted" information.
Google does not sell user data.
We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.
That just says that Google outsources some data processing, but requires the organizations that do it to comply with all of the Google policies.
Re: (Score:2)
Assume insecure as a default position (Score:2)
So in the absence of evidence, you declare the existence of a backdoor?
No, in the absence of evidence you assume there may be one and behave accordingly. I presume no knowledge for or against the existence of a back door.
I think you, being the one making the claim, needs to provide the evidence.
I don't need to present evidence of anything. I have no idea if there is or is not a backdoor and neither do you. What I do know is that I have no reasonable way to audit Google on the matter so the only safe course of action is to presume a backdoor exists which will keep you safe even if it does not exist. Unless you control a system it is idiotic to pre
Re: (Score:2)
Oh, and law enforcement does not have "backdoor access", at least not the way that I would interpret the phrase.
But then there's this. [theverge.com] So how, exactly, do you interpret the phrase? I know that's old news, but if they developed something new it's not as if they would tell us.
Re: (Score:2)
Oh, and law enforcement does not have "backdoor access", at least not the way that I would interpret the phrase.
But then there's this. [theverge.com] So how, exactly, do you interpret the phrase? I know that's old news, but if they developed something new it's not as if they would tell us.
It appears that at that time the NSA was collecting data by tapping communications between Google data centers. Google responded by encrypting all of those links.
Re: (Score:3)
Oh, and law enforcement does not have "backdoor access", at least not the way that I would interpret the phrase.
PRISM wasn't exactly a backdoor either, but it was effectively.
NSLs provide access to metadata only, not content
Do you have a source for that? NSL's, generically, have no such inherent limitation (cf. Lavabit). is Google under an NSL to transmit all metadata to the US Government? This sounds like news.
Re: (Score:2)
Oh, and law enforcement does not have "backdoor access", at least not the way that I would interpret the phrase.
PRISM wasn't exactly a backdoor either, but it was effectively.
It's not clear exactly what PRISM was or wasn't. But it appears that the NSA was tapping connections between Google data centers to gather data, and exposing that through PRISM. Google responded by encrypting all of those connections.
NSLs provide access to metadata only, not content
Do you have a source for that? NSL's, generically, have no such inherent limitation (cf. Lavabit). is Google under an NSL to transmit all metadata to the US Government? This sounds like news.
Not news at all. This restriction has been in place since the original PATRIOT Act. What the law actually says is that NSLs are limited to "non-content" information. The best reference is the law itself, but it's scattered across multiple sections. I recommend starting with the
Re: (Score:3)
AIU, the whole point of developing Gmail was to give Google access to the contents of your mail for advertising/profiling purposes. If that's still done, the encryption is mostly pointless.
Re: (Score:2)
AIU, the whole point of developing Gmail was to give Google access to the contents of your mail for advertising/profiling purposes. If that's still done, the encryption is mostly pointless.
Only if you believe the point of the encryption is to prevent targeted advertising.
Otherwise, the keyword extraction and analysis can be done as the email comes in. Or it can be done dynamically as the email is retrieved and decrypted for display. I suspect the latter is what Gmail does, though I don't know for sure.
The point of encryption of data at rest is so that if someone breaks in and gains access to the data store they get nothing useful. Instead, a deeper and more sophisticated compromise of the
Re: (Score:3)
What difference does it make that Google encrypts data in-house? Google is the one holding the keys, and they're as much a problem as any government monitoring.
Google is doing its users a disservice by making any claims that they can "secure" a fundamentally insecure messaging system.
The current industry titans have no interest in providing customers with truly secure messaging. Every company does its best to insert themselves as a man in the middle -- as if they are somehow trustworthy.
Even Facebook and Go
Re: (Score:2)
What difference does it make that Google encrypts data in-house?
It helps to ensure that in the event that Google is hacked, your email is not leaked.
Google is doing its users a disservice by making any claims that they can "secure" a fundamentally insecure messaging system.
Google is making no claims about making email "secure" as a system (note that the word "secure" is meaningless without a specified threat model; email can be very well-secured against some sorts of attacks and not at all against others), only about making it much harder for anyone to break into your email account.
Re: (Score:3)
Right, exactly. So this keeps your email safer from prying hackers, but what keeps it safe from google?
Well, they do promise to not peek.. Oh wait, they don't even do that.
Re: (Score:2)
Why would Google want that? /sarcasm
Sorry, not in stock (Score:2)
Re: (Score:2)
You can also use NFC enabled Yubikeys, which are available.
Don't see point of required bluetooth security key (Score:2)
Re: (Score:3)
You know how passwords are stored hashed?
With the TOTP 2FA, a shared secret is stored in plaintext: the server and client must both know a secret string, which seeds a PRNG, and generates a time-based numeric output. That means the server doesn't take your 6-digit code and "verify" it; it calculates the same code and compares it. If you hack the server, you can grab the secret key and generate the same codes. It has the same at-rest security as a database of plaintext passwords.
With FIDO U2F devices
Re: (Score:2)
Re: (Score:2)
This is true. However, the technology is applicable in other ways.
I'm running for Congress, and have detailed a solution to identity theft [slashdot.org] which essentially involves banks and everyone else not opening new credit accounts without a hard credit check (which is today's situation), and those same entities validating your ID (Driver's ID, passport, etc.) face-to-face by proxy to establish identity with the CRAs via FIDO U2F. In this way, a credit check can only succeed if you have the equivalent of face-to
Good one google... (Score:2)
But your not fooling everyone.
Security is now a buzzword.
Lavabit (Score:2)
Also breaking (Score:5, Funny)
In related news, the fox has made the hen house safer from outside predators. Hens everywhere are rejoicing!
Re: (Score:3)
Have they fixed the 'dot' problem yet? (Score:2)
GMail is the worst email provider I've ever seen because they don't accept a dot in it, which is the most important thing in an email address apart from the @ sign. I still find it hard to believe I'm not seeing things when I see a gmail address without a dot. Not only does it look totally hideous having your name merge intoabigcontinuousunreadablemess, but it makes people's names become other names e.g. Paul Smith already exists, so Paul uses his middle initial and becomes paul.a.smith@domain in a proper
Re: (Score:2)
Re: (Score:3)
What kind of weird version of Gmail are you using? Gmail has supported dots in account names (and thus, email addresses) since inception. The rules are very simple:
1. You can enter any number of dots anywhere in your Google account name when signing in. The dots get silently discarded when Google authenticates you. Thus "foobar" is the same as "foo.bar" is the same as "f...o.o.b.a..r".
2. Your email address only contains the exact dots that you specified in your Google account name when you created it.
Re: (Score:3)
All correct except for the part about what it puts in the headers.
The "To" field in the header still contains all of the dots that were originally used to address the email, and someone you are telling your gmail address to has no way to tell which, if any, of the dots in your email before the @ sign are actually part of your real email address. The message still makes it way to your real gmail inbox, but because the header "To" field might not contain your exact REAL email address, you can very easily
Re: (Score:2)
I was forced to create a gmail account for youtube and it would't work with dots. In fact my email address there mocks them for not having them, as my original choice would have made me look female (similar to my example).
My Dad's also got rid of the dots and makes his name look foreign.
My brother's strips out the dots and looks incredibly unprofessional. He tried several times to get the dots to stay. They didn't.
Re: (Score:2)
Was this back when YouTube used separate user names from Google, prior to using Google Accounts for all Google services?
Re: (Score:2)
Are you stupid or something?
Maybe, but clearly not as stupid as you. I guarantee you that if you create your Google account name with dots, those very same dots will appear in your gmail address. In fact, when you create a new Google Account, the tooltip that appears when specifying your new user name is "You can use letters, numbers, and periods."
Not by a long shot (Score:5, Insightful)
I just switched from Gmail to ProtonMail because I wanted the most secure email provider. This little feature change by Google does nothing to change any of the important factors - one being that with ProtonMail all my emails are stored using client side encryption.
You cannot, ever, trust a US company where National Security Letters come into play.
Safest of all? WHAT? (Score:2)
Who will protect me from them?
Bold advertorial... (Score:2)
Does Google use an open source encryption standard that can't be cracked?
Would this measure work in all browsers without limitations?
Is Google completely left out of the equation not being able to collect any data or metadata from e-mails?
If the answer is no for any of those questions, Gmail is not the most secure e-mail provider on the planet, and in fact it's worse than many freely available options out there.
Want extra protections involving USB keys for your devices? Get a Yubikey.
Yea, two-factor auth is great. (Score:2)
Not that there is any way to get that SMS code, or spoof it [mailto]
Re: (Score:2)
If you actually read the first link in the article, you would see that this "Advanced Protection Program" is actually about disabling the ability to use SMS as the second factor and instead requiring a not-easily-spoofable security key.
Nothing new...but not entirely possible... (Score:2)
Yeah - I turned it on over a year ago. Thunderbird uses 2FA to access my Google Account (via their App Passwords); but for normal logics I still have to keep it at just Passwords b/c too many apps - even by big app providers - don't support
What Kind of Idiot Gets Phished? (Score:2)
This was the title of a ReplyAll podcast episode a while back. Since they use the Google platform themselves they dove into this question after several kinds of attacks surfaced in the media. Most interestingly those with Google Authenticator keys could be attacked through social engineering (using methods similar to the Google docs attack). Therefore, having an "idiot proof" key exchange sounds like a great and necessary method to secure our stuff. While this is Google only now - I'm willing to bet it wil
Oh boy! TOKENS! (Score:2)
What happens when your wonderful token eventually desyncs (they ALWAYS desync, don't let anyone tell you it never happens).
There are others (Score:2)
I am using protonmail.
When I login, user id, password, and pass phrase for my mailbox to decrypt it.
If I wanted, I can use google authenticator to add 2FA.
Also in Switzerland, so US subpoena is more meaningless.
You also set your PGP keys so you can send and receive encrypted emails as part of the service.
I would call this pretty secure.
They also have a service protonVPN that is nice.
iphone nope (Score:2)
So the only way to authenticate your iphone is with the single existing bluetooth dongle from a Belgian company that is sold out on Amazon with no known availability. They appear to have no other outlet in the states.
So no iphone, at least for now.
Yubico says effectively that bluetooth looks interesting for U2F but they aren't ready to implement.
Unrelated: U2F is great, but when will we see this tool extended beyond just the web browser? I'd enjoy using this in place of 2fa in lots of applications, even win
Infineon keys and tokens? LOL (Score:2)
Gmail doesn't take security seriously (Score:2)
And how does Google ... (Score:2)
plan to protect users from itself?
Re:what if I phish your password? (Score:4, Informative)
Hi sir! please enter your gmail password here: ____________
Oh i see, google doesn't protect against this. This seems super secure.
I think you missed the point. It's two factor authentication. If I know your password I still need to know the key to log in.
Re: (Score:3)
Which is exactly why the "key" in proper two-factor authentication is something you physically have, and not a piece of information you can share. Whether it's a constantly changing "password" that can only be used once, or a bit of challenge-response encryption where the encryption key never leaves a secured dongle, the effect is the same - without having the device in-hand, social engineering and man-in-the-middle attacks can grant, at most, one-time access.
As opposed to GPG (or S/MIME) (Score:2)
Yup, indeed.
My reaction too was "Nope, not the most secure. Just slightly more secure than before, and never as secure as any random provider as long as you use PGP implementation such as GPG" (or eventually if you use S/MIME, as long as you trust enough the authority that certified the keys).
Again people, in terms of privacy and security, it's hard to beat full end-to-end encryption.
For the webmail-using crowd : Mailvelope [mailvelope.com] is an extension that allows you to use openPGP in the "TextArea" field used by webma
Identity vs. content and identity (Score:3)
To elaborate more :
- 2 factor identification (like the suggested bluetooth and usb dongles) only solve 1 single problem : identity.
Making sure that when Alice receives an e-mail from "bob@gmail.com" it's indeed written by Bob, and not by Eve trying to steal bob's gmail credential by hacking the SMS 2 factors.
But any exchange between Alice and Bob can still be read on Google servers 100% for sure (that's how GMail's Ads work), and maybe by any goverment agency that has agreements (or plain just did an inside
Re: (Score:2)
You are quite right that the trumpeted security only covers account access, and not secrecy of transmission. Still quite valuable in that account access typically gives not only allows spoofing and surveillance, but also retroactive surveillance of all non-deleted communications, and the ability to revoke the legitimate user's access.
>Basically, the private key stored on bob's computer acts as a second factor
One major nitpick - "2 factor authentication" typically involves both "something you have" and
Small details. (Score:2)
Still quite valuable in that account access typically gives not only allows spoofing and surveillance, but also retroactive surveillance of all non-deleted communications,
Neither Mailveloppe plugin for webmails, nor any standard PGP and S/MIME enabled client (e.g.: Thunderbird (S/MIME) with Enigmail plugin (PGP) ) will ever store the clear text e-mails.
E-mails are kept encrypted in all storages (remote IMAP folders on the server, local mail folder storage, HTML sent by the webmail) and only decrypted on-the-fly before displaying.
Thus it also prevents retroactive suveillance as long as the private keys are kept secret.
and the ability to revoke the legitimate user's access.
Which is not a limitation of public keys (like PGP and S/M
Re:Identity vs. content and identity (Score:4, Interesting)
If you have nothing to hide, you have nothing to fear?
Knowledge is power, and the more the government knows about you, the more power they have over you, and the less resistance you can provide against fascism, corruption, and other abuses of power. It's not just KGB-style threats and "tactical removal" of people who may present an obstacle to those in power (though the legal basis for "disappearing" people was put in place by the PATRIOT Act), it's also the more subtle manipulation of opinions and directing of actions in ineffective directions, as recently demonstrated by the highly targeted Russian Facebook ads.
Watch the population closely enough, and you can derail credible resistance long before it becomes a threat.
Re: (Score:2)
If you have nothing to hide, you have nothing to fear?
Knowledge is power, and the more the government knows about you, the more power they have over you, and the less resistance you can provide against fascism, corruption, and other abuses of power. It's not just KGB-style threats and "tactical removal" of people who may present an obstacle to those in power (though the legal basis for "disappearing" people was put in place by the PATRIOT Act), it's also the more subtle manipulation of opinions and directing of actions in ineffective directions, as recently demonstrated by the highly targeted Russian Facebook ads.
Watch the population closely enough, and you can derail credible resistance long before it becomes a threat.
Substitute "Google" an evil rich multi-national corporation for the word "government" and you'd about have it right.
Re: (Score:2)
Google is absolutely in the fray, but I reject your implied limitation.
Google, Facebook, Amazon, USA, Russia, China... they're all in the fray. Every concentration of power that can be threatened by or profit from public opinion has a vested interest in surveilling and manipulating people. And governments can bring a lot of leverage against both corporations and the individuals who work in them, in order to augment their own information gathering programs.
Re: (Score:2)
Do you have any evidence that Google is in fact stealing the contents of your email?
No, they NEVER have sold targeted search results to others nor have they used what they read in my inbox to target me... Are you nuts? That's how Google makes their money and you somehow don't think they leverage the contents of your inbox? P.T Barman was right...