Google and Password Security
wesleyac.x64.me
They would not have to store your password to know that you typed an old one by accident, just a hash.
That is true, but all of the things in that post are still true. All of the password recovery steps will work, no matter how the backend is done.
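An added illustration of the point in the two comments above (not code from the linked post or from Google): a login check that recognises a retired password while storing only salted hashes. The PBKDF2 work factor, the class and function names, and the sample passwords are assumptions made for this example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)


@dataclass
class Record:
    salt: bytes
    digest: bytes


def make_record(password: str) -> Record:
    salt = os.urandom(16)  # fresh random salt for every stored hash
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return Record(salt, digest)


def matches(password: str, rec: Record) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), rec.salt, ITERATIONS)
    return hmac.compare_digest(candidate, rec.digest)  # constant-time comparison


@dataclass
class Account:
    current: Record
    previous: list = field(default_factory=list)  # hashes of retired passwords

    def change_password(self, new_password: str) -> None:
        self.previous.append(self.current)  # keep the old hash, never the plaintext
        self.current = make_record(new_password)

    def classify(self, attempt: str) -> str:
        if matches(attempt, self.current):
            return "ok"
        if any(matches(attempt, old) for old in self.previous):
            return "old_password"  # lets the UI say "you changed your password"
        return "wrong"


if __name__ == "__main__":
    acct = Account(make_record("first-passphrase"))  # constructed sample values
    acct.change_password("second-passphrase")
    for attempt in ("second-passphrase", "first-passphrase", "typo"):
        print(attempt, "->", acct.classify(attempt))
```

Each retained old hash is one more target for offline guessing if the credential store leaks, so a real deployment would bound how many are kept and for how long.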
Recently I lost access to an old Google account that I hadn't used in a long time. Google asked me a couple of questions, like when the account was created; I purposely entered the month incorrectly. This was followed by some other vague questions, like which other Google services I use, etc. Finally, I was surprised at how easily I was able to reset my password. An evil mind can easily compromise tonnes of accounts because there are ways to guess a lot of the data Google asks. I'll skip the details here.
Bottom line, Google & its users need to step up account security, at least for their primary account that's tied to banking etc. 2FA is definitely a temporal peace of mind until someone finds a loophole.
Currently, the "loophole" in 2FA is that almost no one enables it. Although it's great that Google offers it, it doesn't help when >95% (Just a guess off the top of my head, but seems reasonable) of people don't enable it.
I only know one person who uses 2FA, besides myself, yet almost everyone that I know uses Gmail.
If you're this concerned about your password security, you should be using Google's two-factor authentication.
It's not that I am concerned about my security, as I use text message verification to recover my password. My issue with this is that people who don't give their phone number to Google can be affected by this.
EDIT: Just set up 2 factor auth. Looks cool, until my phone dies and I don't have the backup codes with me.
The server's overwhelmed. Try the Coral Cache: http://wesleyac.x64.me.nyud.net/blog/?p=25
Thanks for letting me know. Just installed a cache plugin for WP, so hopefully it'll be working again soon.
Strange though, I only see the load at 0.75.
The HTML is loading very slowly - it took 30 seconds in one attempt. And the images aren't working at all. Oh, you're hosting it from your home DSL line? Bandwidth is the problem. Maybe you should save everything into a Dropbox public folder and link it here.
> Oh, you're hosting it from your home DSL line? Bandwidth is the problem. Maybe you should save everything into a Dropbox public folder and link it here.
Here you are. https://dl.dropboxusercontent.com/u/92312532/Google%20and%20...
The article makes a good point. It appears Google storing old passwords indefinitely makes your account potentially less secure. So why do they do it?
shhhhh...