Slashdot Mirror

← Back to Stories (view on slashdot.org)

Companies Advise Tighter Security After Honan Hack

Posted by samzenpus on from the add-another-security-question dept.

In the wake of the hacking of Mat Honan's accounts, Google, Facebook, Amazon, and Apple are just a few of the companies making their security policies tougher, and they are advising people to do the same. From the article: "Even as those companies’ teams moved to patch the holes, others moved to offer security tips. Matt Cutts, head of Google’s Webspam team, used his personal Website to urge Gmail users to embrace two-factor authentication. 'Much of the story is about Amazon or Apple’s security practices, but I would still advise everyone to turn on Google’s two-factor authentication to make your Gmail account safer and less likely to get hacked,' he wrote in the August 6 posting."

10 of 99 comments (clear)

  1. Feels like post-911 by A+beautiful+mind · · Score: 5, Insightful

    In the name of security Google has been pestering for my phone number for years, while their motives are much less about my security and more about their business reasons.

    --
    It takes a man to suffer ignorance and smile
    Be yourself no matter what they say
    1. Re:Feels like post-911 by Anonymous Coward · · Score: 3, Funny

      God, this thing annoys the hell out of me.
      I need to write a userscript to auto-skip the page.

      I AM NEVER GIVING YOU MY CELLPHONE NUMBER, I DON'T AND NEVER WILL HAVE ONE, I DESPISE THEM.
      TAKE THE HINT GOOGLE.

      I swear if this leads to more messages about this, I am just switching e-mail services.
      My password is longer than the brain cells of most people who use Gmail, it ain't getting brute forced any time soon.
      And I'm not someone stupid who runs fart.exe for funny fart noises.
      They should just have an option in the settings where you can straight-up state "I am not a stupid person" so they won't treat you like a god damn 5 year old.
      Every year that passes websites seem to get more insultingly simple. When is it going to be over? When will the web die? Will it be soon? Please tell me it will be soon!

    2. Re:Feels like post-911 by patchmaster · · Score: 5, Insightful

      Google has had my phone number for years. To my knowledge I've yet to receive a single call that originated from Google or someone to whom Google gave my phone number.

      I'm all for identifying evil as evil, but it would be nice to have some actual evidence before making the accusation.

    3. Re:Feels like post-911 by Daas · · Score: 4, Informative

      You're OK with them storing every single one of your emails but not your phone number? I hope tinfoil hats are on sale these days.

      If you're too scared of using the phone number auth, just use the Android or iPhone authenticator app. Setup is quick, it's not too invasive and it just works.

    4. Re:Feels like post-911 by ThunderBird89 · · Score: 4, Insightful

      Yet it seems you're very happy to use the internet, whose death you so crave, to voice your opinion and grief about the internet you use to give voice to your opinion.
      Seeing the contradiction?

      [First sentence is deliberately self-referential and obfuscated]

      --
      Hyperbole: I use it liberally!
    5. Re:Feels like post-911 by tlhIngan · · Score: 4, Insightful

      I'm all for identifying evil as evil, but it would be nice to have some actual evidence before making the accusation.

      The fact that a single "no" is not enough to get them to stop asking is evidence enough.

      Not to mention Google really tries to hide the "No" button. It just pops up as a box that says you need to enter your phone number. If you look down, the link to skip it is very tiny, enough to miss it. I'm willing ot bet most people don't even know there's an option to skip it.

      It also pops up randomly on you, and each time it seems the "No" link gets tinier and moved somewhere else.

      For Do No Evil, they certainly are applying all the usual marketing tricks to hide stuff like free downloads and such. If they really cared, it would be in normal font with text saying it's completely optional and you can bypass it by clicking the nice big link.

    6. Re:Feels like post-911 by c++0xFF · · Score: 4, Insightful

      It's in Google's and your own best interest to make your accounts as secure as possible. They get a black eye in the media every time there's a high-profile hacking of a Google account ... which in turn hits at their reputation for providing solid, secure services.

      Given that most users don't know what's best for them, I think it's completely reasonable for them to pester a little bit about a way to improve security.

      Now, that said ... there should be a way to turn the reminder off completely. Some people (me) simply can't use it.

  2. Re:two-factor security by kaiser423 · · Score: 5, Informative

    Uh, they do have a one-time pad of pre-authenticated numbers, and an app that doesn't require an internet connection. I've authenticated form a 9200bps modem from the middle of the Pacific using my list of one-time security access codes.

    In other words, it's glorious. Google does security right, and everyone else needs to take notice. Including corporate IT departments. I've used it for years, and every now and then when I need a new account, I go and get an outlook.com account or similar, because all the regular names are taken in gmail, but I always feel so naked using them. No security at all.

  3. Re:And 2 factor will do what? by kaiser423 · · Score: 3, Insightful

    Any computer I use to check gmail is fully under my control.

    Lucky you. That's not the case for most of us.

  4. Re:two-factor security by robmv · · Score: 3, Informative

    Adding more info about the application, the client is OSS so anyone can port it to Windows/Linux/Mac/Browser extension/you name it, there is nothing in Google solution that requires an smartphone nor data connection