On Wed, Jan 30, 2013 at 6:37 AM, Edward Angel <[email protected]> wrote:
> Owen,
>
> How does a better password system prevent someone from using someone else's
> name with a different email address? It seems you are mixing two problems.

[BTW: this is long so a quick question to the list: does anyone use Google's 2 factor authentication? If so, could you give us your experiences?]

It doesn't, directly. The scam is to crack into someone's email account, grab their contacts, then send emails that look trustworthy but aren't.

A popular example washed over Italy, and I think most of Europe last year. Email from a friend to you (in contacts list) asking for some money because the friend is stuck traveling with a problem and needs cash fast. We actually saw it working.

The one I received a few days ago was really novice: didn't forge the "from" address which can be done trivially. The Europe attack actually used the hacked account with the pw changed.

> The first one, using someone else's name, is a constant problem. I get a
> couple a day that have done things like copy my bank's homepage. I don't know how
> that one can be stopped easily other than by some legal method that
> introduces other problems.

The main thing is to consider your mail account as important as your bank! The trove of info available is surprising. And like everyone else, I've been lax.

So I thought there might be the possibility that my Gmail had been compromised. This is why I ask about 2-factor authentication (TFA) .. Gmail allows it and it got a lot of press from the Mat Honan (Wired magazine) complete hack destroying a huge part of his digital ecology. Here's some info:

http://the-gadgeteer.com/2012/01/02/google-2-step-authentication-review/
http://www.mattcutts.com/blog/google-two-step-authentication/

Apparently my Gmail was OK, and the favorite way people get this info is via Facebook scraping. I do have a link with the "sender" on fb so likely the source.

But I do plan to try TFA even though the couple of sites that use it have no common protocol. Even Google's "war on the password"

http://www.wired.com/wiredenterprise/2013/01/google-password/all/

indicates that their current mode will be migrated to a physical device.
We hope to avoid a pocket full of them!

Should be interesting to see if any of us use Gmail's TFA. Please: anyone of us using it give us a summary. It does seem to be annoying if you have lots of devices.

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
