Gmail Security Is a Problem For Tor Users In Repressive Countries

blottsie writes Google is a long-time contributor to the Tor Project. But a security feature in Gmail poses a potential problem for Tor users who live under dangerous regimes or otherwise need to protect their anonymity, reports Joseph Cox at the Daily Dot. The email service kicks users out of their login session if it detects logins from IP addresses originating in other countries, then requires a user to enter a PIN code sent to a cellphone. Unless the user has a burner phone, this could potentially betray his or her identity to authorities.

Re:Mobile generated codes

^^correct. It's not secure to use SMS, and provides a phone number for regimes to hunt down and track if they twist Googles arm to get your data.

But common!! Why are so many so dumb? Just use keepass2 and the keeOTP plugin.

The little known fact (outside of us geek circles) is that "Google Authenticator" is a wide open standard that anyone can write code to implement and many have. It does not call the google mother ship. It's a time based key generation technique based on a shared secret key you enter upon setup, and ayone with the time and interest can write their own implementation.

Big thanks to the keepass2 team and Devin Martin who made the TOTP generator plugin. And gosh. It's pretty old folks, this isn't news.

And to those who say "Stop using google mail" i hear you brother, but many folks don't have the skills, knowledge or means to host their own MX. Gmail with external TOTP generation ala keepass2 is about as good as you can get without rolling your own IMHO. I don't trust Google as far as I can throw them, but they do allow you to have disposable accounts with better security features than the average person will ever be able to self implement.