Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Plans Upgrade of Two-Factor Authentication For Politicians and CEOs (theverge.com)

Posted by EditorDavid on from the phishing-the-famous dept.

An anonymous reader quotes the Verge: Google plans on upgrading its two-factor authentication tool with an improved, physical security measure aimed at protecting high-profile users from politically motivated cyberattacks, according to a report from Bloomberg. The new service, to be called Advanced Protection Program and potentially slated to launch next month, will trade out the standard authentication process for services like Gmail and Google Drive with physical USB security keys. The service would also restrict the types of third-party apps and services that could connect to a user's Google account.

The changes are not likely to affect standard Google account owners, as Bloomberg reports that Google "plans to market the product to corporate executives, politicians and others with heightened security concerns."

92 comments

  1. So... by Anonymous Coward · · Score: 0

    Yubikeys?

  2. We're not worthy by dcollins117 · · Score: 5, Insightful

    Ok Google, I get it. Us plebs don't deserve good security.

    1. Re:We're not worthy by geekmux · · Score: 2

      Ok Google, I get it. Us plebs don't deserve good security.

      Well, certainly no other account in a company would be worth securing, right? I mean what access would those piss-ant IT SysAdmins have? I mean, it's not like they control the entire server farm...

    2. Re:We're not worthy by Mikkeles · · Score: 1

      In addition, they act like the politicos are even bright enough to use this!

      I suspect the restriction is only because many of us would actually be able to successfully use it.

      --
      Great minds think alike; fools seldom differ.
    3. Re:We're not worthy by quantaman · · Score: 1

      Ok Google, I get it. Us plebs don't deserve good security.

      Well, certainly no other account in a company would be worth securing, right? I mean what access would those piss-ant IT SysAdmins have? I mean, it's not like they control the entire server farm...

      Is your sysadmin controlling the server farm with their Gmail login? I think you might want a new sysadmin.

      Google accounts don't contain technically sensitive information, they contain personally and organizationally sensitive information. The risk is the attacker can compromise an account belonging to someone important (ie, Clinton's campaign manager) and obtains a bunch of sensitive information. Your sysadmin shouldn't have that kind of info in their account.

      Now there's an impersonation risk, but unusual requests tend to result in confirmation through other lines of communication,

      --
      I stole this Sig
    4. Re:We're not worthy by SlaveToTheGrind · · Score: 4, Informative

      Well, the USB key has been available for well over two years now -- for less than $20.

      And what makes you think you wouldn't be able to buy the rest of the new security package if you wanted to (a) pay the going rate, just like above, and (b) live with the restrictions re third-party app access? TFA (which is basically somewhat educated rumor-mongering anyway) simply says it would be marketed to high-profile users, not that it would be restricted to them.

    5. Re:We're not worthy by Opportunist · · Score: 1

      Think again. We're talking about trusting Google with guarding your secrets.

      An apt comparison would be to not have medical attention from medieval doctors that treat you with bloodletting and enemas while consulting the stars to find the right cure instead of the pleb's answer to a cold, i.e. herbal tea and bedrest.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    6. Re:We're not worthy by Opportunist · · Score: 2

      Well, maybe that's the idea behind it: A two factor auth that even CEOs and politicians can't fuck up.

      Actually, I'm really curious now, so far my attempts have been thwarted. Every time I come up with a foolproof system, the board comes up with a more foolish CEO.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    7. Re:We're not worthy by Known+Nutter · · Score: 1

      (ie, Clinton's campaign manager)

      Also Trump WH staff, former Chief of Staff; six in total, so far.

      Everything's a goddamn political discussion on Slashdot these days, eh?

      --
      Beware of the Leopard.
    8. Re:We're not worthy by ShanghaiBill · · Score: 0

      In addition, they act like the politicos are even bright enough to use this!

      Have you ever talked privately with a politician? They tend to be very intelligent and inquisitive, and likely wouldn't be where they are if they weren't. They just act stupid in public so people will vote for them. If they come across as a smarty-pants know-it-all, they will lose. Example: Hillary.

      Anyway, this does not require politicians to be smart. They just need to have a smart staffer set it up for them.

    9. Re:We're not worthy by Anonymous Coward · · Score: 0

      There we go: the knee-jerk, idiot reaction. Try thinking for one second moron.

    10. Re:We're not worthy by aaarrrgggh · · Score: 1

      Yes, but accounting is a pretty high risk with a direct attack.

      (IT would be an indirect attack.)

    11. Re:We're not worthy by Anonymous Coward · · Score: 0

      It's not a political discussion - it's the current example of known attack. "Why is Google doing this?" "Because Clinton's Campaign Manager got hacked on our platform and we want to make available an option to reduce that possibility in the future."

      But since you want your political discussion - do you think they'd be doing this if it was Trump's Campaign Manager that got hacked, and Clinton had won the election? Would that story even spend any time in the media if that was the case?

    12. Re:We're not worthy by Anonymous Coward · · Score: 2, Informative

      do you think they'd be doing this if it was Trump's Campaign Manager that got hacked, and Clinton had won the election? Would that story even spend any time in the media if that was the case?

      Google is addressing problems with their service. I think they would have done so if it was Trump as well. I'm not convinced any of it is partisan on their part. The better authentication is probably something they will sell to others if there is enough demand. Personally if you want security I seriously suggest you use a separate program to encrypt your emails before handing them over to google. That way, even if they are vacuumed you have another layer of encryption such that only the sender and the recipient can get at them assuming you have preshared public keys securely, such that you at least know they are unchanged.

      Of course had Hillary done that it would be proof to the right wingers of pizzagate or some other bs.

    13. Re:We're not worthy by Anonymous Coward · · Score: 0

      For the same reason that you can't buy Twitter account verification. Instead the company uses it to play favorites https://www.howardstern.com/show/2017/1/24/simple-distinction-reportedly-preventing-steve-floridas-twitter-verification/.

    14. Re:We're not worthy by Anonymous Coward · · Score: 0

      some government entities contract to google for services, they have a whole fucking operating division devoted to it. same goes for amazon and microsoft.

    15. Re:We're not worthy by jopsen · · Score: 1

      U2F is supported by Google and Chrome... Seriously, just get an yubikey... This is probably just Google doing the social work of forcing high-profile accounts to use U2F...

    16. Re:We're not worthy by rtb61 · · Score: 1

      Why would not politics exist on slashdot, nerds and geeks have political issues just like regular folk and you know what, they can use technology to get their ideas across as well as obtain political change.

      How about a third factor authentication, you know the one where end users get to authenticate that it is real political bullshit, coming from real bullshit politicians, those corporate lies that CEO tells to rip us off democratically, so you know, WE CAN BLOCK THEM, automatically. All paid political messages instantly block. If there are any politicians we want to hear from, we will contact them first. Google fuck off with you political spam.

      --
      Chaos - everything, everywhere, everywhen
    17. Re: We're not worthy by Anonymous Coward · · Score: 0

      Just having normal two factor authentication makes Google's security better than a lot of banks. I use regular text message authentication, which I've been told can be intercepted with surprising ease, but I just can't picture someone able to do that and get my password especially being such a low level target.

    18. Re:We're not worthy by Anonymous Coward · · Score: 0

      Mozilla 57 too, but you have to turn it on.

    19. Re:We're not worthy by AmiMoJo · · Score: 1

      I wish they made a USB key with an emergency suicide feature. Even just a button which if pressed five times rapidly erased the keys.

      Physical security is an increasing problem, especially at borders.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    20. Re:We're not worthy by Anonymous Coward · · Score: 0

      It's irresponsible to have your own server farm. The Best Practitce(TM) is to outsource everything to Google. Trust them. They know what's good for you.

    21. Re:We're not worthy by bluefoxlucid · · Score: 1

      Security keys can't be duplicated. They're made with military-grade hardware that costs like $5 and resists fault injections and physical assault, so retrieving the key is impossible with current technology.

      I recommended the same thing for identity theft (YouTube). That involves legislation allowing regulation which drives the current consumer-grade (i.e. affordable) technology into requirement without requiring an act of Congress every time the current technology becomes obsolete and vulnerable.

      --
      Support my political activism on Patreon.
    22. Re:We're not worthy by darkmeridian · · Score: 1

      I wish Google will give me the option of disabling text messaging as a second factor for authentication.

      --
      A NYC lawyer blogs. http://www.chuangblog.com/
    23. Re:We're not worthy by Anonymous Coward · · Score: 0

      Mozilla 57 too,

      Well, obviously. Why would putting a different skin on Chrome change its capabilities?

  3. The Elite use Spyware? by Anonymous Coward · · Score: 0

    The elite use Google services instead of something private that isn’t reading all their mail and messages to spy on the constantly? What? What politicians and CEOs are stupid enough to trust cloud services they don’t own? Don’t they have IT staff to do this stuff for them in a manner that’s actually secure?

    1. Re:The Elite use Spyware? by rholtzjr · · Score: 1

      Yes, they do have an IT staff that handles all their security matters. That is how they got Podesta's emails last election.

  4. Re:As usual, leftist politicians protect themselve by Sir+Lurkalot · · Score: 1

    As you hide under the Cloak of A.C. ...

  5. That USB stick that I found in the parking lot! by PolygamousRanchKid+ · · Score: 1, Insightful

    Who knows what is on it, but I'll plug it in to my computer anyway!

    . . . but Google would never be lackeys, henchmen and hoodlums for the US government . . . and plant NSA spyware on the sticks . . .

    . . . would they . . . ?

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    1. Re:That USB stick that I found in the parking lot! by HermMunster · · Score: 1

      I tried that stick on my Linux deskop and nothing happened. Why? Inquiring minds want to know.

      --
      You can lead a man with reason but you can't make him think.
    2. Re:That USB stick that I found in the parking lot! by Anonymous Coward · · Score: 0

      > . . . but Google would never be lackeys, henchmen and hoodlums for the US government . . . and plant NSA spyware on the sticks . . .

      You're right. They never would. Your Intel CPU and chipset are more likely to have FedGov sponsored backdoors than anything from Google.

    3. Re:That USB stick that I found in the parking lot! by Anonymous Coward · · Score: 0

      . . . but Google would never be lackeys, henchmen and hoodlums for the US government . . . and plant NSA spyware on the sticks . . .

      They don't need to when you already have Google spyware on you. The NSA can just get the data directly from Google's servers, much more convenient.

    4. Re:That USB stick that I found in the parking lot! by PolygamousRanchKid+ · · Score: 1

      I tried that stick on my Linux deskop and nothing happened.

      The year 2007 was the year of "Linux on the Desktop". Sorry, you're a bit late.

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
  6. Re:As usual, leftist politicians protect themselve by stabiesoft · · Score: 1

    How is this left/right? Jared has already been caught along with a number of other trump people using private email. Get over it. But I totally agree with one of the prior comments. Thanks google for reminding us that once again the rich/political class is special.

  7. Re:As usual, leftist politicians protect themselve by youngone · · Score: 2

    Ha! Ha! Leftists. Good one.
    As if the US has any leftist politicians.

  8. Another brilliantly useless article by mhkohne · · Score: 2

    I'd love to know what Google is actually changing, but the article doesn't really say - I've been using a physical security key for my google account logins for a while now. Though the 'limiting apps that can connect' is certainly a good thing, I can't figure out what they are actually changing otherwise.

    Does this involve being able to force accounts to use a security key? What's really going on here?

    --
    A thousand pounds of wood moving at 300 feet per minute. Don't get in the way.
  9. I lost my...[hacked] by geekmux · · Score: 2

    Because they will spend the money on USB keys and then not bother with creating some form of identity validation policy, cue the "I lost my USB key, can you give me a temporary password?" phone hack in 3...2...

    Social Engineering. Because hacking ignorance, is timeless.

    1. Re:I lost my...[hacked] by Opportunist · · Score: 2

      And better nobody thinks that "company policy dictates that I must not" is an answer that CEO is going to accept. This is basically why the CEO fraud is so successful: CEOs with delusions of grandeur and a short temper, with underlings too scared to not jump when someone yells at them through the phone because they're used to it.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:I lost my...[hacked] by sl149q · · Score: 2

      For corporate gmail, the "can you give me a new password" request goes to the administrator of your corporate gmail. It does not go to Google.

      That raises the bar slightly. First the hackers have to know who that is. Second they have to determine what the practices and procedures for making the request are for your organization and third what a possible way to subvert them are. Should be different for all organizations.

    3. Re:I lost my...[hacked] by geekmux · · Score: 1

      For corporate gmail, the "can you give me a new password" request goes to the administrator of your corporate gmail. It does not go to Google.

      That raises the bar slightly. First the hackers have to know who that is. Second they have to determine what the practices and procedures for making the request are for your organization and third what a possible way to subvert them are...

      *hacker gleans CxO names and titles from the corporate website, along with major customers from PR postings*

      "Yes, Hi. My name is Mr. Smith. I just started last week and lost my token. Mr. [name-drop CEO] stated it was urgent that I contact someone to get access immediately because we have [name-drop customer] waiting on a million-dollar order!"

      Yeah, the bar was raised alright. By an inch.

      ...Should be different for all organizations.

      When it comes to social engineering, little has changed.

    4. Re:I lost my...[hacked] by Anonymous Coward · · Score: 0

      Because they will spend the money on USB keys and then not bother with creating some form of identity validation policy, cue the "I lost my USB key, can you give me a temporary password?" phone hack in 3...2...

      Social Engineering. Because hacking ignorance, is timeless.

      Google don't help you via phone.

  10. what's really going on by Anonymous Coward · · Score: 0

    Usually giant companies like this have shitload of bureaucracy within and I really doubt that this is an idea of an engineer or a middle management. It's most likely something that the higher ups came up with as a marketing PR move to boost themselves.

    Once this gets rolled out, I wouldn't be surprised that they're going to have this for coorperations/business logins, where Google's primary objective is to track people while they're logged in at work, usually at a different IP address as their personal home computer.

    That's what all this google drive corporate accounts are for. Right now the authentication is your work login, but the data is stored on google servers.

  11. FIDO U2F keys? by Anonymous Coward · · Score: 3, Informative

    Google already supports FIDO U2F keys, such as yubikey, that you can use instead of their google 2FA app.

    How is this news?

    1. Re:FIDO U2F keys? by Anonymous Coward · · Score: 0

      How is this news?

      Because now Google will be marketing it aggressively?

    2. Re:FIDO U2F keys? by godel_56 · · Score: 1

      Something I've always wondered, what happens if you lose your Yubikey or its electronics stuffs up? How do you reestablish your identity?

      Are we back to security questions like "what's your mother's maiden name?"

    3. Re:FIDO U2F keys? by sl149q · · Score: 1

      Through your back up email account. Or (currently) if enabled, a text to your back up phone.

    4. Re:FIDO U2F keys? by earlytime · · Score: 1

      Something I've always wondered, what happens if you lose your Yubikey or its electronics stuffs up? How do you reestablish your identity?

      Are we back to security questions like "what's your mother's maiden name?"

      Godel,

      Same as with your house key or car key. You just setup another U2F/yubikey key and use that to recover/access your account, then disable the lost/damaged/stolen key.

      --

  12. This explains recent Y2F Android failure by Anonymous Coward · · Score: 1

    No small wonder Google nonchalantly deactivated Y2F key support for Android recently....

  13. Re:As usual, leftist politicians protect themselve by Frosty+Piss · · Score: 1

    As if the US has any leftist politicians.

    Bernard?

    --
    If you want news from today, you have to come back tomorrow.
  14. All animals are equal... by Anonymous Coward · · Score: 0

    ...but some are more equal than others.

    -Squealer, Animal Farm

  15. Re:As usual, leftist politicians protect themselve by Lunix+Nutcase · · Score: 0

    Says a person who doesn’t give away their real name and could have multiple sockpuppet accounts. So brave you are.

  16. too hard by bugs2squash · · Score: 1

    when I read this I thought they meant they had dumbed it down to make it easier to use than typing in a password or rubbing your finger over a fingerprint scanner because these has all proven to be overly difficult for CEOs and polititicians.

    --
    Nullius in verba
  17. Us and them by Anonymous Coward · · Score: 0

    Yep, us and them. Thanks for making that clear, Google.

  18. But by Vinegar+Joe · · Score: 1

    I thought politicians were supposed to use only their government email address.

    --
    "The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
    1. Re: But by Anonymous Coward · · Score: 0

      No, they're allowed to use their personal accounts for sexting to minors.

    2. Re:But by Opportunist · · Score: 1

      Nah, they run their own mail servers for the official stuff.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:But by Anonymous Coward · · Score: 0

      I thought politicians were supposed to use only their government email address.

      Well, there are politicians who have yet to be elected. And then there is the campaign support staff and the party national committees, none of which (necessarily) have a government email address.

      From what I understand, when you have a high level guy like Leon Penetta, there are a number of staffers who have been given access to his email. I imagine that part of what Google has done here is to make it possible to grant this access without compromising 2FA.

  19. Really? by Spazmania · · Score: 1

    If you have "heightened security concerns," what on earth are you doing using a public webmail product?

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    1. Re:Really? by sl149q · · Score: 2

      I suspect Gmail (corporate version) is more secure than what most organizations can implement and support.

      The only problem with hardware 2-factor is how to incorporate it into mobile. Is the phone itself a sufficient token (if coupled with something like TouchID to verify the user?)

      The Fido hardware keys are a simple way to secure desktop access.

    2. Re:Really? by HermMunster · · Score: 1

      I couldn't agree more. These people shouldn't be using Google services if they need enhanced security.

      I'd say that just using Windows is a security risk.

      --
      You can lead a man with reason but you can't make him think.
    3. Re:Really? by skegg · · Score: 1

      Some tokens have NFC. I presume this allows the user to tap the token against the phone when logging-into the app, thus providing another, secure factor.

    4. Re:Really? by swillden · · Score: 1

      The only problem with hardware 2-factor is how to incorporate it into mobile.

      NFC-enabled tokens. This is what Google uses internally (which I suspect is the same thing they're marketing to celebs and execs): Device has an authentication key, plus password, plus USB/NFC token. Three-factor auth.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    5. Re:Really? by vlueboy · · Score: 1

      NFC-enabled tokens. This is what Google uses internally

      Although the politicians / CEO's are Google's target today, eventually a company will make a tier for the rest of us... including non-technical "normies" using cheap phones ($50 - $150)...
      In my experience, while tech people almost exclusively splurge on feature-rich flagship phones where NFC is a given, cheap phones are common for normies.

      I did a lot of research to replace my dying phone last week. Cheap (and not so cheap) phones don't cover the 5Ghz Wifi band yet. Cheap phones don't have DLNA. They don't have mirroring / Wifi Direct, which I enjoyed a handful of times on our new, cheap smartTV. Cheap phones cover few video codecs so you're left with weird "not supported" errors when playing some files. Cheap phones don't have remote control features. More relevantly, cheap phones don't have NFC.

      My dying flagship supports all of the above, but replacing those same features is still requiring the same prices as 30 months ago. Worse, features have been nerfed (battery removal, forced sim card resizing replacement and sometimes loss of headphone jack). Since I am on an older phone now, I'm a little worried for whims of companies bringing about new breach-inspired requirements towards new hardware that I'll be prompted to consider for work-related authentication.

    6. Re:Really? by AmiMoJo · · Score: 1

      Most phones have NFC which can be used with a suitable token that also has USB for desktop use. Many phones have USB-C as well now, which you could plug the token in to.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    7. Re:Really? by swillden · · Score: 1

      If you can't afford a more expensive phone, I think you're better off getting a 2-3 year old high end phone. They can usually be purchased at or slightly above the upper end of the range you quote. Those cheap phones are typically running ancient software, completely unsupported, as well as the other limitations you mention.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    8. Re:Really? by bluefoxlucid · · Score: 1

      USB-c FIDO keys.

      --
      Support my political activism on Patreon.
    9. Re:Really? by Spazmania · · Score: 1

      I have the corporate version. It's the same as the free version but you have a domain and can add and remove your own accounts.

      Authentication factors: What you know, what you have, what you are.

      What you know: a password
      What you have: a cell phone
      What you are: a fingerprint

      Two elements from "what you know" is only single factor authentication. For two factor authentication, you need elements from two categories.

      So, your password and your high school mascot is only single-factor authentication because both are from the "what you know" category.

      A password plus the six digits from Google Authenticator is two factors: what you know (password) and what you have (a cell phone running Google Authenticator with the appropriate encryption key).

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
  20. The hand that feeds by Anonymous Coward · · Score: 0

    Google will not bite it of course. I would hope they'd spend more effort securing their services and Android, but instead they choose to align with powerful Washington DC elites and to hell with everyone else.

    Fuck Google.

  21. Status quo = Plausible deniability by Anonymous Coward · · Score: 0

    My account was hacked! I would never say stuff like that.

  22. Can we make the politicians authentic too? by gurps_npc · · Score: 1

    Oh, a man can dream, a man can dream.

    --
    excitingthingstodo.blogspot.com
  23. Gotta protect the elite by Anonymous Coward · · Score: 0

    That is the new Google "do not evil to the hand that feeds you" policy.

  24. Least likely to use it by HermMunster · · Score: 2

    Those two groups are least likely to use it.

    It isn't a good testbed.

    It implies everyone else is less important.

    It won't change hacker's mentality toward hacking.

    CEOs shouldn't be using Gmail.

    --
    You can lead a man with reason but you can't make him think.
    1. Re:Least likely to use it by Archon · · Score: 1

      "CEOs shouldn't be using Gmail."

      I set my clients up on G Suite products all the time, Gmail especially. Including CEOs. If the password is strong and unique I don't see the issue, better yet if using 2FA. Or are you suggesting Google is exfiltrating email user data in a way that exposes company secrets?

    2. Re:Least likely to use it by Anonymous Coward · · Score: 0

      Or are you suggesting Google is exfiltrating email user data in a way that exposes company secrets?

      Isn't that why Gmail exists? That's why Gmail doesn't cost any money.

  25. Re:As usual, leftist politicians protect themselve by HermMunster · · Score: 1

    Is there anything but?

    --
    You can lead a man with reason but you can't make him think.
  26. Protect from whom? by markdavis · · Score: 2

    So with the increased security, that helps to protect from people trying to hack into Google. But who protects us from Google? They already have too much information and now they insist on having even more:

    Google just pushed out an update last week, so apparently unless I turn on tracking and logging of everything I do (location, web history, etc), I can't use my Wear watch to search for ANYTHING anymore. Really?

    The watch was great when I first bought it. Then they updated and ruined the search ability. Instead of being a nice, fast, Google web-like search engine, it became some stupid Google Now-like thing that doesn't ever give me what I want and no choices. Several months later it is "upgraded" to "Google Assistant" which REQUIRES I turn on all this tracking and storage. Almost nothing I want to search for requires a "history" of what I have done in the past.

  27. Animal Farm by Anonymous Coward · · Score: 1

    > ... Ok Google, I get it. Us plebs don't deserve good security ...

    Google has become an Animal Farm

    They now practice the "All animals are equal but some animals are more equal than others " doctrine

  28. Like Twitter sells verification? by Anonymous Coward · · Score: 0

    Google is not going to sell strong authentication to every atom, Dick and Jane any more than Twitter (officially) sells verification to any plebe that wants it.

  29. Google buying off RSA tokens? by Anonymous Coward · · Score: 0

    Symantec is hurting right now. Has google quietly purchased their RSA token division?

    Hell, something like a YubiKey with capacitors to charge the RSA token generator from USB power would be nice.

  30. More liberal elistism I see... by Anonymous Coward · · Score: 0

    As if CEOs and Politicians are the only people with important information. I see it as the exact opposite. People at the "top" rarely have the details of what is actually going on.

  31. kushner thanks you by Anonymous Coward · · Score: 0

    trump and his putrid ilk thank you for hiding their corruption.

  32. The 1980s called by Anonymous Coward · · Score: 0

    The 1980s called. It wants its dongles back.

  33. We're not paying customers. by Anonymous Coward · · Score: 0

    Like a lot of other good things in the world, it's not free. You want good things like good security, or good food, or good customer service, you have to be willing to pay for it.

  34. Google security sucks by Anonymous Coward · · Score: 0

    Google likes to brag about improved security, but their "improvements" have led that many ordinary users have been locked out from their legitimate accounts, because Google has decided it knows better what kind of security you need. For instance, Google may reject the correct login and password if you try to login from another computer of yours. There is no clear guidelines how to recover from that. It is just that Google has decided that cookies stored one computer is more important that knowledge of login/password (or even ability to answer all security questions). This is a very poor decision, because if your password is stolen then your cookies can be stolen too. (If the attacker stole your information and erased your cookies, Google will trust more to the attacker than you.) Also, if you lose your cookies for whatever reason (hard-disk failure or whatever), you can lose your Google account. Google will offer you to answer their security questions, but it may not help even if all your answers are correct.

    So, perhaps, it is good that they started their new "improvements" with their high-profile users, because if one of them loses his account, it will generate enough noise to force Google to take some real actions...

  35. Re: As usual, leftist politicians protect themselv by Anonymous Coward · · Score: 0

    It allows one to read his post history

  36. I know this has already been explored, but... by rickb928 · · Score: 1

    ...now you know who is important to Google. And it is not virtually everyone reading this forum. Both politicians reading this will be encouraged that they are in the clear.

    --
    deleting the extra space after periods so i can stay relevant, yeah.
  37. How will this pass any company compliance team by Anonymous Coward · · Score: 0

    OOO yeah I use gmail to talk with other CEOs,

    Compliance: ok

  38. THIS will change the future by Anonymous Coward · · Score: 0

    F*ck everything, we're doing Three-Factor Authentication!

  39. Re: As usual, leftist politicians protect themselv by Anonymous Coward · · Score: 0

    The fact that the republicants currently control everything and still can't agree on healthcare or other issues....doesn't seem like it no.