'Google Just Made Gmail the Most Secure Email Provider on the Planet' (vice.com)
Google announced on Tuesday that it would offer stronger online security for "high risk" users who may be frequent targets of online attacks. The company said anyone with a personal Google account can enroll in the new "advanced protection," while noting that it will require users to "trade off a bit of convenience" for extra security. Motherboard reports: The main advantage in terms of security is the need for a key or token to log in as the second factor, instead of a code sent via SMS or via app. This is much better because there's no way for hackers to steal or phish this key from afar (there have been isolated incidents of hackers using social engineering to gain access to someone's cell phone number by getting the provider to issue a new SIM card, for instance). Thanks to these new features, Gmail is now the most secure email provider available on the internet if you are worried about hackers breaking into your private correspondence. "This is a major step in the right direction in offering the same kind of protection available to high-profile figures to everyday people," Kenneth White, a Washington D.C. based security consultant to federal agencies, told Motherboard. "They have really thought this through, and while it may not make sense for everyone, for those that need it, it's a much needed option."
I specify that Congress should make broad legislation allowing a regulatory agency to select the most-appropriate, affordable, and effective technology of today; and today, that is the FIDO U2F Security key with RSA or ECC encryption. That's how I'm going to defeat identity theft once and for all [johnmoserforcongress.com].
Doesn't matter. Their keys are used by other providers already. A friend of mine uses Auth-Anvil as a two-factor for his service which includes email access.
The most secure system is to host it yourself, and encrypt the contents with a key you only have access to.
How about FIDO U2F and the Google Authenticator (RFC 6238 and RFC 4226)? The six-digit TOTP code has been proven across many, many sites (I use it on Microsoft's, Amazon's, gmail's, and many others.)
What would be nice would be a dedicated PDA-like device with a camera for reading QR codes, a touch screen for inputting codes by hand, a charge-only USB interface, and a SD card interface for backing up the OTP seeds. The device never sees, nor cares about the Internet, and is only connected to a USB cable t
The U2F system stores a private encryption key generated on the device only on the device itself. The 6-digit TOTP code is stored at both endpoints.
If you hack Equifax and they identify people by TOTP, you have all the TOTP keys and can pretend to be anyone. If they identify people by U2F, you have to modify the public keys Equifax uses to identify people--which means they can no longer identify themselves (it's noisy). If you don't perform that modification, you don't get any information with which to
They did. The agency requires MD5 (SHA256 not ok) (Score:2)
> I specify that Congress should make broad legislation allowing a regulatory agency to select the most-appropriate, affordable, and effective technology of today;
They did. The federal government requires MD5. SHA256 is not acceptable for many federal uses (though it is now FIPS), because they haven't updated the relevant federal standards. Our system of government was designed to be fair, transparent, and flexible. It was not designed to be fast and efficient.
Congress is even slower than regulatory boards.
SHA256 is not an identification protocol.
I want even less security
Somehow I wish the reverse. I hate it when Google blocks my access to their web site every time I change my location; I would like to somehow turn off whatever they had till now. As a user, I want to have the choice to access my email account as it fits me, from whenever I want to; that is missing with Google.
Use IMAP or POP and a real mail client. Don't use the web interface.
Or use a 3rd party web interface that backends via IMAP or POP.
If a web interface is properly secured and you haven't completely disabled your browser's security settings, why would it be any less secure than IMAP or POP?
Also the least secure
As opposed to GPG (or S/MIME)
Yup, indeed.
My reaction too was "Nope, not the most secure. Just slightly more secure than before, and never as secure as any random provider as long as you use a PGP implementation such as GPG" (or eventually if you use S/MIME, as long as you trust the authority that certified the keys enough).
Again people, in terms of privacy and security, it's hard to beat full end-to-end encryption.
For the webmail-using crowd : Mailvelope [mailvelope.com] is an extension that allows you to use openPGP in the "TextArea" field used by webma
Identity vs. content and identity
To elaborate more:
- 2-factor identification (like the suggested Bluetooth and USB dongles) only solves 1 single problem: identity.
Making sure that when Alice receives an e-mail from "bob@gmail.com" it's indeed written by Bob, and not by Eve trying to steal Bob's Gmail credential by hacking the SMS 2 factors.
But any exchange between Alice and Bob can still be read on Google servers 100% for sure (that's how GMail's Ads work), and maybe by any government agency that has agreements (or plain just did an inside
For a given value of secure
Is it secure from Google?
I think you missed the point. It's two factor authentication. If I know your password I still need to know the key to log in.
Do you have any evidence that Google is in fact stealing the contents of your email? So far as I understand it they do keyword scans. Now that may be unacceptable to some, but that's not the same thing as "stealing your information".
good for some, not for others
Some things just need "good enough" security and the likelihood that anyone cares enough to hack them is a risk you accept for the practical real-world usability of the thing.
Chrome only...
I skimmed Google's write-up of their new offering, and was seriously considering looking into this. I bear no delusions of self-grandeur, or that anyone would have any reason to be interested in sorting through all the confirmation e-mails for the coffee I buy off Amazon; but I do have some key data tied up in the Googleverse, and the cost of an extra keyfob would not exactly break the bank. However, then I came to this:
Google services on the web
You will only be able to use the Chrome browser to access signed-in services like Gmail or Photos.
That breaks the deal for me, since I don't use Chrome, and it would not be convenient for me, for a few reasons. I can't really think of any valid technical reason why this results in any actual security, unless Chrome pins Google's CA; but the same thing can be done in any other browser too.
Re:Chrome only... (Score:4, Informative)
No one else supports the FIDO U2F security key standard in their browser. Firefox should be getting around to it anytime now, and I believe that Opera does. But that's probably why: the valid technical reason is that no one else supports the security standard.
This also is a deal-breaker for me, since I use a program called Boxcryptor with Google Drive and other cloud services. I like packing my own parachute and having my own encryption layer.
They did?
So they're now encrypting all the emails being stored on their servers and don't hold the key themselves?
Because if they're not doing that, then they're not anything close to "the most secure email provider on the planet".
Re: (Score:3)
Without encryption on server and with law enforcement having backdoor access to Gmail, etc., this is meaningless.
Actually, Google does encrypt all of the email (and all other user data) on its servers, and even in-transit between servers in Google data centers, as well as in-transit between Google servers and your browser and (if supported by the other end) in transit between Google servers and non-Google email servers. Google encrypts all the things, all the time.
Oh, and law enforcement does not have "backdoor access", at least not the way that I would interpret the phrase. What law enforcement does have is search
Hoops
> Oh, and law enforcement does not have "backdoor access", at least not the way that I would interpret the phrase.
And you have what evidence for this? Unless you actually work at Google in a fairly technically privileged position you would have no way to know if they do or do not have backdoor access under any definition of the term you care to use. You would have to be daft to presume that organizations like the NSA or law enforcement agencies don't have or cannot get access to your communications with or without Google's permission. While you are correct that in general they would need to jump through hoops, there
> So they're now encrypting all the emails being stored on their servers and don't hold the key themselves?
> Because if they're not doing that, then they're not anything close to "the most secure email provider on the planet".
"Secure" is a word that is meaningless without a threat model. It's often clear what the threat model is, so we often don't state it (and we often don't state it when it isn't clear). In this case, Google is talking about one threat model (security against unauthorized third parties gaining access to your email) and you're interpreting the statement in the context of another threat model (security against access by Google itself).
Also, it's worth noting that you probably don't actually want the thin
> "Secure" is a word that is meaningless without a threat model.
Not meaningless, but your point is solid. In the absence of specifying a threat model, I take "secure" as meaning "nobody can access the data without my permission".
> Also, it's worth noting that you probably don't actually want the thing you're asking for.
Oh yes I do. I go to a fair bit of effort right now to make sure I have it.
> Key management is hard.
It's not hard, exactly, but it does take ongoing attention.
> You need to use another email client and use S/MIME or PGP mail.
Or, even easier, use a mail provider that offers end-to-end encryption. That doesn't cover email in transit, but it does cover email at rest.
Oh, and I forgot the most important part:
None of what you say changes the fact that this change in no way makes GMail "the most secure email provider on the planet".
> Oh, and I forgot the most important part:
> None of what you say changes the fact that this change in no way makes GMail "the most secure email provider on the planet".
A claim that I'm fairly certain Google never made.
> Or, even easier, use a mail provider that offers end-to-end encryption. That doesn't cover email in transit, but it does cover email at rest.
But still means that you trust your mail provider not to look at your email... because it arrives in plaintext. And that's only one of the problems. What provider do you use?
> But still means that you trust your mail provider not to look at your email... because it arrives in plaintext. And that's only one of the problems.
Yes, that's why it's an incomplete solution -- but better than what Google is offering here. If the mail is encrypted at rest, that eliminates quite a lot of risk.
> What provider do you use?
I run my own mailserver, but I do know there are multiple viable options if you want a third party solution.
Very nice comment!
I would argue that E2Email can, in the future, allow users to dynamically interact with email recipients that both use and don't use E2Email themselves (obviously, with those who don't use it, communication will not be encrypted). It just needs access to a service that, when queried with a recipient, will state if recipient is using it or not. Something like Signal or Whatsapp do with phone numbers.
Of course this brings other problems to the table, being a centralized service, like imperso
> Of course this brings other problems to the table, being a centralized service, like impersonating the service, or worse, impersonating recipients to that service in order to flag them as encryption-using thus preventing data decryption of messages on their end.
Also, loss of your decryption keys, rendering all of your email inaccessible forever.
Re: They did? (Score:2)
The barrier to entry for using PKI is pretty high for your average human. Not only do you have to get people using the same (or compatible) tools but they have to understand the setup. I actually joined my current company because they had a product that solved that. (Shameless plug: virtru) The only way to get normal people using crypto is to make it trivial. You may have to make some small sacrifices to get there but the end result is a better place.
Not just that, but everything requires Google's apps (Chrome, Gmail, etc.), which requires you to let Google track you.
You can use Gmail without any of Google's apps.
No provider can encrypt all the e-mails stored on their server without holding the key themselves. End-to-end means it's encrypted at the end.
Sorry, not in stock
Don't see point of required bluetooth security key
You know how passwords are stored hashed?
With the TOTP 2FA, a shared secret is stored in plaintext: the server and client must both know a secret string, which seeds a PRNG, and generates a time-based numeric output. That means the server doesn't take your 6-digit code and "verify" it; it calculates the same code and compares it. If you hack the server, you can grab the secret key and generate the same codes. It has the same at-rest security as a database of plaintext passwords.
With FIDO U2F devices
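The storage property the comment above describes for TOTP, as an added example that is not part of the original thread: an RFC 4226/6238 implementation in which the verifier recomputes the code from the stored secret, so the secret must be kept in recoverable form. The secret and timestamp are the RFC 6238 test values; `server_db`, `code_from_db_copy` and `verify_with_hashed_secret` are hypothetical names used only for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = number of elapsed time steps."""
    return hotp(secret, unix_time // step, digits)

def server_verify(stored_secret: bytes, submitted: str, unix_time: int,
                  window: int = 1) -> bool:
    """The verifier does not check the code against a hash; it recomputes the code
    from the stored secret for the current step and +/- `window` neighbours
    (clock drift) and compares in constant time."""
    return any(
        hmac.compare_digest(totp(stored_secret, unix_time + d * 30), submitted)
        for d in range(-window, window + 1)
    )

# Constructed sample data: the RFC 6238 Appendix B test secret and timestamp.
ENROLLED_SECRET = b"12345678901234567890"
NOW = 59

# What the server has to keep per user: the secret itself (hypothetical table).
server_db = {"alice": ENROLLED_SECRET}

def code_from_db_copy(db_copy: dict, user: str, unix_time: int) -> str:
    """A copy of the row yields the same code the user's authenticator app shows,
    which is why this table needs the protection of a plaintext credential store."""
    return totp(db_copy[user], unix_time)

def verify_with_hashed_secret(user_code: str, unix_time: int) -> bool:
    """Storing only a hash of the secret (as is done for passwords) breaks
    verification: the HMAC is keyed with the hash, so the codes no longer match."""
    hashed = hashlib.sha256(ENROLLED_SECRET).digest()
    return server_verify(hashed, user_code, unix_time)
```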
Good one google... (Score:2)
Lavabit
Also breaking
In related news, the fox has made the hen house safer from outside predators. Hens everywhere are rejoicing!
Have they fixed the 'dot' problem yet?
GMail is the worst email provider I've ever seen because they don't accept a dot in it, which is the most important thing in an email address apart from the @ sign. I still find it hard to believe I'm not seeing things when I see a gmail address without a dot. Not only does it look totally hideous having your name merge intoabigcontinuousunreadablemess, but it makes people's names become other names e.g. Paul Smith already exists, so Paul uses his middle initial and becomes paul.a.smith@domain in a proper
Re: (Score:2)
What kind of weird version of Gmail are you using? Gmail has supported dots in account names (and thus, email addresses) since inception. The rules are very simple:
1. You can enter any number of dots anywhere in your Google account name when signing in. The dots get silently discarded when Google authenticates you. Thus "foobar" is the same as "foo.bar" is the same as "f...o.o.b.a..r".
2. Your email address only contains the exact dots that you specified in your Google account name when you created it.
All correct except for the part about what it puts in the headers.
The "To" field in the header still contains all of the dots that were originally used to address the email, and someone you are telling your gmail address to has no way to tell which, if any, of the dots in your email before the @ sign are actually part of your real email address. The message still makes its way to your real gmail inbox, but because the header "To" field might not contain your exact REAL email address, you can very easily
Not by a long shot
I just switched from Gmail to ProtonMail because I wanted the most secure email provider. This little feature change by Google does nothing to change any of the important factors - one being that with ProtonMail all my emails are stored using client side encryption.
You cannot, ever, trust a US company where National Security Letters come into play.
Bold advertorial...
Does Google use an open source encryption standard that can't be cracked?
Would this measure work in all browsers without limitations?
Is Google completely left out of the equation not being able to collect any data or metadata from e-mails?
If the answer is no for any of those questions, Gmail is not the most secure e-mail provider on the planet, and in fact it's worse than many freely available options out there.
Want extra protections involving USB keys for your devices? Get a Yubikey.
Yea, two-factor auth is great.
Not that there is any way to get that SMS code, or spoof it [mailto]