Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Google Privacy Security

'Google Just Made Gmail the Most Secure Email Provider on the Planet' (vice.com) 197

Google announced on Tuesday that it would offer stronger online security for "high risk" users who may be frequent targets of online attacks. The company said anyone with a personal Google account can enroll in the new "advanced protection," while noting that it will require users to "trade off a bit of convenience" for extra security. Motherboard reports: The main advantage in terms of security is the need for a key or token to log in as the second factor, instead of a code sent via SMS or via app. This is much better because there's no way for hackers to steal or phish this key from afar (there have been isolated incidents of hackers using social engineering to gain access to someone's cell phone number by getting the provider to issue a new SIM card, for instance). Thanks to these new features, Gmail is now the most secure email provider available on the internet if you are worried about hackers breaking into your private correspondence. "This is a major step in the right direction in offering the same kind of protection available to high-profile figures to everyday people," Kenneth White, a Washington D.C. based security consultant to federal agencies, told Motherboard. "They have really thought this through, and while it may not make sense for everyone, for those that need it, it's a much needed option."
This discussion has been archived. No new comments can be posted.

'Google Just Made Gmail the Most Secure Email Provider on the Planet'

Comments Filter:
  • by bluefoxlucid ( 723572 ) on Tuesday October 17, 2017 @11:44AM (#55383673) Homepage Journal

    I specify that Congress should make broad legislation allowing a regulatory agency to select the most-appropriate, affordable, and effective technology of today; and today, that is the FIDO U2F Security key with RSA or ECC encryption. That's how I'm going to defeat identity theft once and for all [johnmoserforcongress.com].

    • by Anonymous Coward

      Doesnâ(TM)t matter. Their keys are used by other providers already. A friend of mine uses Auth-Anvil as a two-factor for his service which includes email access.

      The most secure system is to host it yourself, and encrypt the contents with a key you only have access to.

    • by ctilsie242 ( 4841247 ) on Tuesday October 17, 2017 @12:14PM (#55383957)

      How about FIDO U2F and the Google Authenticator ( RFC 6238 and RFC 4226)? The six digit TOTP code has been proven across many, many sites (I use it on Microsoft's, Amazon's, gmail's, and many others.)

      What would be nice would be a dedicated PDA-like device with a camera for reading QR codes, a touch screen for inputting codes by hand, a charge-only USB interface, and a SD card interface for backing up the OTP seeds. The device never sees, nor cares about the Internet, and is only connected to a USB cable to get power.

      The closest to this we have now is an iPod Touch.

      • The U2F system stores a private encryption key generated on the device only on the device itself. The 6-digit TOTP code is stored at both endpoints.

        If you hack Equifax and they identify people by TOTP, you have all the TOTP keys and can pretend to be anyone. If they identify people by U2F, you have to modify the public keys Equifax uses to identify people--which means they can no longer identify themselves (it's noisy). If you don't perform that modification, you don't get any information with which to

      • by Orphis ( 1356561 )

        TOTP can be defeated by man in the middle attacks too.

        Those U2F modules will check the certificates of the place you're connecting to and negotiate directly your auth request.

        • Agreed. Because it is a shared secret and MITM-able if the SSL link is not present, it isn't perfect. However, it is far better than 99.99% of what is out there. The ideal is definitely the U2F token, but oftentimes, one may not be at a place where they can plug that in.

    • > I specify that Congress should make broad legislation allowing a regulatory agency to select the most-appropriate, affordable, and effective technology of today;

      They did. The federal government requires MD5. SHA256 is not acceptable for many federal uses (though it is now FIPS), because they haven't updated the relevant federal standards. Our system of government was designed to be fair, transparent, and flexible. It was not designed to be fast and efficient.

  • by Anonymous Coward on Tuesday October 17, 2017 @11:44AM (#55383679)

    somehow I wish the reverse, I hate it google block me access to their web site everytime I change my location, I would like to somehow turn off whatever they had till now. As a user want to have the choice to access my email account as it fits to me, from whenever I want to, is missing with Google.

    • by kwerle ( 39371 )

      Use IMAP or POP and a real mail client. Don't use the web interface.

      Or use a 3rd party web interface that backends via IMAP or POP.

      • If a web interface is properly secured and you haven't completely disabled your browser's security settings, why would it be any less secure than IMAP or POP?

        • by kwerle ( 39371 )

          GP doesn't want to need to log in every time. I was suggesting a couple of ways to do that. You could argue (I would not) that not having to log in every week or two or every time you move locations is less secure. Whatever.

          I was just suggesting ways they would not have to re-log-in.

  • by Anonymous Coward on Tuesday October 17, 2017 @11:48AM (#55383721)

    Is it secure from Google?

  • Good options. But think before enabling such high security for things that don't need it. Forgetful parents for example -- give them these things and if they ever lose them or forget one piece of information, their accounts are gone forever.

    Some things just need "good enough" security and the likelihood that anyone cares enough to hack them is a risk you accept for the practical real-world usability of the thing.
  • Chrome only... (Score:5, Insightful)

    by mrsam ( 12205 ) on Tuesday October 17, 2017 @11:52AM (#55383769) Homepage

    I skimmed Google's write-up of their new offering, and was seriously considering looking into this. I bear no delusions of self-grandeur, or that anyone would have any reason to be interested in sorting through all the confirmation e-mails for the coffee I buy off Amazon; but I do have some key data tied up in the Googleverse, and the cost of an extra keyfob would not exactly break the bank. However, then I came to this:

    Google services on the web

    You will only be able to use the Chrome browser to access signed-in services like Gmail or Photos.

    That breaks the deal for me, since I don't use Chrome, and it would not be convenient for me, for a few reasons. I can't really think of any valid technical reason why this results in any actual security, unless Chrome pins Google's CA; but the same thing can be done in any other browser too.

  • They did? (Score:5, Insightful)

    by JohnFen ( 1641097 ) on Tuesday October 17, 2017 @11:53AM (#55383783)

    So they're now encrypting all the emails being stored on their servers and don't hold the key themselves?

    Because if they're not doing that, then they're not anything close to "the most secure email provider on the planet".

    • by dbialac ( 320955 )
      Not just that, but everything requires Google's apps (Chrome, Gmail, etc.), which requires you to let Google track you.
      • Not just that, but everything requires Google's apps (Chrome, Gmail, etc.), which requires you to let Google track you.

        You can use Gmail without any of Google's apps.

        • by dbialac ( 320955 )
          You can't use this the dongle described in the post without Google's apps.
          • You can't use this the dongle described in the post without Google's apps.

            Hmm. Probably true... though not certainly true. As I understand it, the protocols are open and standardized, so it should be possible to write, say, a Thunderbird plugin to do it.

    • No provider can encrypt all the e-mails stored on their server without holding the key themselves. End-to-end means it's encrypted at the end.

      • That's not true, it's done all the time. That's the main benefit of public key encryption: the key you use to encrypt and the key you use to decrypt are two different things. The provider holds the public key and uses that to encrypt. It doesn't hold the private key that is required to decrypt.

        • How do you know the provider isn't storing a journal of pre-encrypted e-mails?

          How do you know the provider hasn't received a National Security Letter forbidding them to tell anyone that they've been ordered to store the plain-text e-mails for you before encryption?

          Your point is valid--they can do a one-way encryption--but it only raises further concerns. Fifty points to Ravenclaw, anyway; nice catch.

          • How do you know the provider isn't storing a journal of pre-encrypted e-mails?

            How do you know the provider hasn't received a National Security Letter forbidding them to tell anyone that they've been ordered to store the plain-text e-mails for you before encryption?

            You don't, obviously -- but if you need that level of security, then you shouldn't be using this sort of email provider. What encrypting the data at rest gets you is protection against attackers that may have gained access to the mailserver's database. It doesn't protect you against a malicious or incompetent service provider, and it certainly doesn't protect you against governmental attention.

            Still, it would be stronger protection against non-governmental attackers than what they're doing.

  • If you'd like to use this on your phone, tablet, etc. You are beat. Google sign up for this links to this item to purchase - https://www.amazon.com/Feitian... [amazon.com] Amazon reports it's not available and does not know when it will be in stock.
  • How is a separate physical bluetooth key better than the existing option of using Google's Authenticator app for 2FA?
    • You know how passwords are stored hashed?

      With the TOTP 2FA, a shared secret is stored in plaintext: the server and client must both know a secret string, which seeds a PRNG, and generates a time-based numeric output. That means the server doesn't take your 6-digit code and "verify" it; it calculates the same code and compares it. If you hack the server, you can grab the secret key and generate the same codes. It has the same at-rest security as a database of plaintext passwords.

      With FIDO U2F devices

      • Fair enough, but if Google's servers can be hacked to steal the server-side portion of the Authenticator password then it's possible they can also be hacked to get into your gmail account by other means.
        • This is true. However, the technology is applicable in other ways.

          I'm running for Congress, and have detailed a solution to identity theft [slashdot.org] which essentially involves banks and everyone else not opening new credit accounts without a hard credit check (which is today's situation), and those same entities validating your ID (Driver's ID, passport, etc.) face-to-face by proxy to establish identity with the CRAs via FIDO U2F. In this way, a credit check can only succeed if you have the equivalent of face-to

  • But your not fooling everyone.

    Security is now a buzzword.

  • What about Lavabit? I hear they are up and running again. [wikipedia.org]
  • by 31415926535897 ( 702314 ) on Tuesday October 17, 2017 @12:24PM (#55384041) Journal

    In related news, the fox has made the hen house safer from outside predators. Hens everywhere are rejoicing!

    • Exactly. Google is allegedly making it safer by keeping everyone from reading it - except themselves, of course.
  • GMail is the worst email provider I've ever seen because they don't accept a dot in it, which is the most important thing in an email address apart from the @ sign. I still find it hard to believe I'm not seeing things when I see a gmail address without a dot. Not only does it look totally hideous having your name merge intoabigcontinuousunreadablemess, but it makes people's names become other names e.g. Paul Smith already exists, so Paul uses his middle initial and becomes paul.a.smith@domain in a proper

    • How does that "break email"?
    • What kind of weird version of Gmail are you using? Gmail has supported dots in account names (and thus, email addresses) since inception. The rules are very simple:

      1. You can enter any number of dots anywhere in your Google account name when signing in. The dots get silently discarded when Google authenticates you. Thus "foobar" is the same as "foo.bar" is the same as "f...o.o.b.a..r".

      2. Your email address only contains the exact dots that you specified in your Google account name when you created it.

      • by mark-t ( 151149 )

        All correct except for the part about what it puts in the headers.

        The "To" field in the header still contains all of the dots that were originally used to address the email, and someone you are telling your gmail address to has no way to tell which, if any, of the dots in your email before the @ sign are actually part of your real email address. The message still makes it way to your real gmail inbox, but because the header "To" field might not contain your exact REAL email address, you can very easily

      • I was forced to create a gmail account for youtube and it would't work with dots. In fact my email address there mocks them for not having them, as my original choice would have made me look female (similar to my example).
        My Dad's also got rid of the dots and makes his name look foreign.
        My brother's strips out the dots and looks incredibly unprofessional. He tried several times to get the dots to stay. They didn't.

        • Was this back when YouTube used separate user names from Google, prior to using Google Accounts for all Google services?

  • Not by a long shot (Score:5, Insightful)

    by Troed ( 102527 ) on Tuesday October 17, 2017 @12:29PM (#55384075) Homepage Journal

    I just switched from Gmail to ProtonMail because I wanted the most secure email provider. This little feature change by Google does nothing to change any of the important factors - one being that with ProtonMail all my emails are stored using client side encryption.

    You cannot, ever, trust a US company where National Security Letters come into play.

  • Dare I say the more aggressive reader of other people's email may be THE Google itself.
    Who will protect me from them?
  • Does Google use an open source encryption standard that can't be cracked?
    Would this measure work in all browsers without limitations?
    Is Google completely left out of the equation not being able to collect any data or metadata from e-mails?

    If the answer is no for any of those questions, Gmail is not the most secure e-mail provider on the planet, and in fact it's worse than many freely available options out there.
    Want extra protections involving USB keys for your devices? Get a Yubikey.

    • If you actually read the first link in the article, you would see that this "Advanced Protection Program" is actually about disabling the ability to use SMS as the second factor and instead requiring a not-easily-spoofable security key.

  • So, Gmail has had this ability for quite a while since you can lock your Google Account to a 2FA device, or even to Google Authenticator codes as a 2FA tool. However, the biggest issue is Apps on Android not being able to use the more secure authentication mechanisms.

    Yeah - I turned it on over a year ago. Thunderbird uses 2FA to access my Google Account (via their App Passwords); but for normal logics I still have to keep it at just Passwords b/c too many apps - even by big app providers - don't support
  • This was the title of a ReplyAll podcast episode a while back. Since they use the Google platform themselves they dove into this question after several kinds of attacks surfaced in the media. Most interestingly those with Google Authenticator keys could be attacked through social engineering (using methods similar to the Google docs attack). Therefore, having an "idiot proof" key exchange sounds like a great and necessary method to secure our stuff. While this is Google only now - I'm willing to bet it wil

  • What happens when your wonderful token eventually desyncs (they ALWAYS desync, don't let anyone tell you it never happens).

  • I am using protonmail.
    When I login, user id, password, and pass phrase for my mailbox to decrypt it.
    If I wanted, I can use google authenticator to add 2FA.
    Also in Switzerland, so US subpoena is more meaningless.
    You also set your PGP keys so you can send and receive encrypted emails as part of the service.

    I would call this pretty secure.

    They also have a service protonVPN that is nice.

  • So the only way to authenticate your iphone is with the single existing bluetooth dongle from a Belgian company that is sold out on Amazon with no known availability. They appear to have no other outlet in the states.

    So no iphone, at least for now.

    Yubico says effectively that bluetooth looks interesting for U2F but they aren't ready to implement.

    Unrelated: U2F is great, but when will we see this tool extended beyond just the web browser? I'd enjoy using this in place of 2fa in lots of applications, even win

  • It's ironic to see this the day after the Infineon flaw was widely announced. [engadget.com]
  • Google changed gmail a few months ago so that it no longer logs you out when you close your browser (or when the browser crashes, or the computer powers off), and worse, *they've removed all options to enable this auto-logout behavior*. It used to be that you could choose between convenience (remember me so I don't need to login again) and security (always require a password to get into gmail), but they removed the choice! They've decided that they don't care about your security needs. So this claim of b
  • plan to protect users from itself?

Mathematicians practice absolute freedom. -- Henry Adams

Working...