Hi ! On Thu, Jul 25, 2013 at 2:11 PM, cloudtalk <[email protected]> wrote:
> 1. what is the point of two step verification? > The way I see it, is that it adds a second layer of security ie. you need both your password and the one-time code, usually sent to your cell phone. > this method lets your account be accessed by backup codes > a backup code contains a string of 8 digits (all numbers). > say your actual password is more than 8 digits (numbers and letters). > your password is much more secure than the backup code. > I'm guessing that if a cracker were to throw random codes at the Gmail login, it would probably add a Captcha like it does if one enters the password incorrectly more than 3 times. > so hacker has easier time to hack your account by focusing on backup codes > than your password > sure, backup codes are one time codes. but hacker only needs it one time > too. > > so how can this be more secure? what am i missing? > The easiest way for a cracker to obtain the one-time code would be via a keystroke logger but then, if the user has already typed the code in, it has been used and would be useless to the would-be thief. 2. how does google determine that a computer is a trusted one ? > can't someone replica the cookie that google gives your browser? > is it more than just the cookie that google uses to identify trusted > computer? like IP also? something else too? What? > I doubt it would use IP. Most Internet service providers issue a different IP address from their pool every time one connects. -- Marko -- You received this message because you are subscribed to the Google Groups "Gmail-Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/gmail-users. For more options, visit https://groups.google.com/groups/opt_out.
