Forget Google's other properties, my gmail account password is my password for everything for the simple reason that an attacker with access to my gmail account can reset my password on almost every other web system by requesting that a password update email be sent to me.
This is one of the reasons I caved and got an iPhone with push mail notification. I want to know the moment I get a password reset email. Alas, a really clever attacker would probably read and delete the mail before I could see it.
That seems backwards. The problem isn't your gmail password getting leaked, but some other site leaking your password. If that site also has a clue about your email address, now they have access to your email, since you made them the same password.
No, he says that it's like gmail's password is his password for everything, since someone can then reset his other passwords; not that he uses gmail's password for everything.
Although you're right that websites might have access if you use the same password for everything, in this case even if you use all different passwords, you're completely blown if somebody gets the gmail password, because they can just reset all the other ones.
Seems a lot of people missed the point. This wasn't about using the same password everywhere (obviously insecure) but rather, if someone did get your email password it immediately defeats the security of every other service you use.
What I'm saying is if you use the same password for everything, that makes it more likely they can get the gmail password.
Take, for example, the reddit password leak. A clever attacker can probably guess my email from my username. If I had used my gmail password for my reddit password, now they have access to everything. But, since I don't cross-contaminate my passwords like that, I didn't risk my gmail account.
I don't think that you understand what you're saying. Let's look at a few examples:
Scenario #1
===========
- I have 3 online accounts: gmail, hacker news, okcupid
- I use the same password for all accounts
- someone hacks okcupid
- they now have the password to my gmail account
- they also have my email which is attached to the okcupid account
- hacker uses okcupid password to access my gmail account
- hacker uses access to gmail account to reset password for hacker news
Scenario #2
===========
- I have 3 online accounts: gmail, hacker news, okcupid
- I use the same password for both hacker news and okcupid, but I use a different password for gmail
- hacker breaks into okcupid
- hacker now has my email address and my password for okcupid/hackernews
- hacker attempts to access my gmail account, but cannot because the password is different
- hacker attempts to access my hacker news account, and gains access since it's the same password as my okcupid account
Scenario #3
===========
- I have 3 online accounts: gmail, hacker news, okcupid
- I use separate passwords for each account
- hacker breaks into okcupid
- hacker now has my email and password for okcupid
- hacker attempts to access my gmail and hacker news accounts, but cannot
You're saying that because it's possible for someone to gain access to your gmail account, you use the same password everywhere, but this is the wrong conclusion to draw here.
Scenario #3, where each account has a different password, is the best, but Scenario #2 is still better than Scenario #1. The fact that a compromise of your Gmail account is a 'Game Over' scenario just means that you have to apply extra security measures to your Gmail account. Your Gmail password should definitely never be used as a password anywhere else and should be the strongest password that you use (other than maybe an online banking password).
tl;dr version:
Your email account password should be your strongest password, even if you use the same password everywhere else. The odds of someone hacking your email account are low; the odds of someone hacking a no-name website and using your account information to get your email password are high.
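The three scenarios above, as an added example that is not part of the original comment: a small Python model that propagates a single site breach through the two paths the thread is arguing about, password reuse and reset-by-email, until nothing more falls. The account names follow the comment; the password labels, the `reset_via` wiring (hacker news and okcupid both reset through the gmail inbox) and the `second_factor` flag (the key fob asked for further down the thread) are assumptions of the model, not something the commenter specified. It goes one step beyond the comment by also running each scenario with gmail itself as the breached account, which is the original poster's worry.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass
class Account:
    """One online account as the comment models it.

    password      - an opaque label, not a real secret; equal labels mean reuse
    reset_via     - name of the account whose inbox receives this account's
                    "forgot my password" mail, or None if it has no such path
    second_factor - assumption for this model: if True, neither a leaked
                    password nor a hijacked reset mailbox is enough on its own
    """
    name: str
    password: str
    reset_via: Optional[str] = None
    second_factor: bool = False


def compromised_after_breach(accounts: Dict[str, Account], breached: str) -> Set[str]:
    """Return every account the attacker controls after `breached` leaks its
    password database together with the e-mail address attached to it.

    Two propagation rules, iterated to a fixpoint:
      1. password reuse: an account whose password label matches one the
         attacker already holds is lost
      2. reset-by-mail: an account whose reset mailbox is already lost is lost
    A lost account's password joins the attacker's set and a lost mailbox can
    be used for further resets, so the loop repeats until nothing changes.
    """
    lost: Set[str] = {breached}
    known_passwords: Set[str] = {accounts[breached].password}
    changed = True
    while changed:
        changed = False
        for name, acct in accounts.items():
            if name in lost or acct.second_factor:
                continue
            reused = acct.password in known_passwords
            resettable = acct.reset_via in lost   # None is never in `lost`
            if reused or resettable:
                lost.add(name)
                known_passwords.add(acct.password)
                changed = True
    return lost


def scenario(gmail_pw: str, hn_pw: str, okcupid_pw: str,
             gmail_2fa: bool = False) -> Dict[str, Account]:
    """Three accounts; hacker news and okcupid send reset mail to gmail."""
    return {
        "gmail": Account("gmail", gmail_pw, None, gmail_2fa),
        "hackernews": Account("hackernews", hn_pw, "gmail"),
        "okcupid": Account("okcupid", okcupid_pw, "gmail"),
    }


# Constructed inputs mirroring Scenario #1, #2 and #3 from the comment,
# plus Scenario #1 with a second factor on gmail.
SCENARIOS = {
    "1 (one password everywhere)": scenario("p", "p", "p"),
    "2 (gmail separate)": scenario("g", "p", "p"),
    "3 (all separate)": scenario("g", "h", "o"),
    "1 + second factor on gmail": scenario("p", "p", "p", gmail_2fa=True),
}


if __name__ == "__main__":
    for label, accounts in SCENARIOS.items():
        for breached in ("okcupid", "gmail"):
            lost = sorted(compromised_after_breach(accounts, breached))
            print(f"{label:30} breach of {breached:8} -> lost: {lost}")
```

Running it shows the comment's three outcomes (everything, okcupid plus hacker news, okcupid only) and, in the second loop, that a breach of gmail takes every account in all four setups: the reset path makes gmail the root of the tree regardless of how distinct the other passwords are, which is why the extra factor belongs on that one account.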
So when you have such a powerful "master" password, you shouldn't go blabbing it to a bunch of websites with unknown security. You have to trust it with Google, by nature, but using different passwords elsewhere means that leaks on other sites are contained.
He doesn't reuse the password all over the net. He uses many google services, and each requires his gmail password. It's google that's forcing him to authenticate himself via gmail.
Especially with things like the Twitter leak, I've become increasingly frustrated with the fact that someone could basically just become me if they a) found out my Gmail password or b) had access to a pre-authenticated session (e.g. my flatmate borrowing my laptop). The fact that the Gmail password in and of itself also ties access to other Google services, as pointed out in the OP, doesn't scare me half as much.
MMORPG accounts are a particularly perverse case -- they're a perfect commodity for automated exploits, there's a very high floor on value (the subscription cost), and law enforcement doesn't give a shit.
Banks here are offering SMS confirmations as two-factor auth. So I can transfer money to existing accounts fine, but any new account or bill requires a code that is SMSed to a pre-set number (and resetting the number requires an SMS as well).
A key fob for google would be nice though. I'd be pretty tempted to pay.
I'm guessing there's no incentive for Google to care. If your gmail gets hacked, Google loses 1 user. (even though you lose a lot more) If someone hacks a blizzard account, it screws up the blizzard economy.
The screw-up to the Blizzard economy will be temporary and will be corrected in less than a day.
Why do you think this?
If by "corrected" you mean the user will get their stuff back quickly, that isn't so in my experience. Sometimes, some stuff will be restored quickly, but it might take days or weeks for some of it, and chances are that you'll never see some of it back. I'm not sure how they do logging, but such delays imply that it must be pretty human-intensive to get a record of what's been taken and restore it.
I thought you were referring to the macro level (ie someone selling all your stuff). I think from the micro level you probably lose your char but no one else in the universe is going to be affected significantly.
I signed up with this to give me an easy way to use a keyfob login on websites for a trip I'm doing next year where I want access to my websites but don't want to type my password on public internet terminals.
I don't understand why someone wouldn't be able to create more than one GMail account and use separate accounts for separate google-related purposes (use one GMail account for RSS and a separate GMail account for App Engine, etc.).
There is still the possibility that everyone you give information to is tied to a single GMail account (for your own convenience), but that is still your own fault, not Google.
The issue is convenience I suppose. Having everything tied to one account makes it quite simple to jump to your calendar, your voicemails, your checkout, etc.
I really like the author's idea to (at a minimum) provide an alternate gmail password that mail clients can use. That would alleviate most of my concerns.
I don't think we'll see Google splitting off their gmail/gtalk logins from everything else, and I don't necessarily agree that they should. One of the major benefits to using google services is the sheer amount of services you get without having to log in to multiple sites, or keep multiple bookmarks; google takes care of it all for you. We're slowly seeing this same idea take over the rest of the web with facebook connect and OpenID. People want convenience and don't like remembering a ton of passwords, or even having to retype a login/password on every site they go to. Ideally, for most internet users I'm sure, FB connect or OpenID or Google would take over the "login market" and include a key fob, so you just log your computer onto the internet and you're good to go. But I agree with most here, a key fob is, well, key.
Not that these solve the problem, but here are some tips to help mitigate negative effects:
1. Audit your Gmail access history. In the footer, there is a message "Last account activity...Details". Click the "Details" link to view recent access history (web and mobile), and for the option to deauth all other sessions.
This kind of thing weighs down innovation. Take Threadsy.com for example. I'm sure people aren't thrilled about having to give out gmail passwords to make full use of their service. It's a shame that Google hasn't addressed this yet.
The article seems trivial compared to what I see as the real security risk - unrelated sites that have an "I forgot my password" option which relies on e-mail to reset the password.
If an attacker has your gmail, they can go to your bank, your stock brokerage, your retirement accounts, your credit cards, etc and say "I forgot my password" and use the e-mail access to reset those.
I hate that my bank wants me to put in "Your mother's maiden name" as a "security question" when that information is painfully easy to get (relative to password). I always enter fake information, but I really wish there was just an opt-out for the password reset feature.
Why not create separate accounts for each service? If you are really security conscious, you could even have a separate password for each one.
For that matter, you might simply solve the gmail/blackberry problem by making a second account for your email, setting your primary account to forward to the second account, and setting the phone to check the second account rather than the first.
The blackberry argument is exactly the place where open source is the answer. I have a python script that I fully understand (and wrote much of it myself) grabbing email data off the internet, and only it knows my password - I wouldn't dare trust proprietary software with something that sensitive.
I don't think it matters how secure your password is if it gets sniffed or keylogged. I have been at more than one internet cafe where I absolutely needed to log in over an untrusted terminal to my mail account.
I read an interesting paper a while back (sorry, I don't remember where or what it was called) that attempted to thwart keyloggers. Their study showed that keyloggers pretty much never paid attention to the mouse. Thus their security method was to click in the password field, type a character or two, click outside the field and type a bunch of random stuff. Rinse and repeat until your password is entered. It seems pretty hackish but according to the authors it was quite effective.
I've used this method a few times at public internet terminals hoping it would work, but in the absence of evidence that it really would work I got lazy and haven't bothered most times. Good to know it's an effective extra preventative measure.