Somewhat in the weeds here, but I still find it odd/curious that Google is still using SHA-1 fingerprinted SSL certificates.
Weren't they making a big deal of pushing SHA-2 fingerprinted SSL certs a while back? On Wed, May 27, 2015 at 12:16 AM, Octavio Alvarez <octalna...@alvarezp.org> wrote: > On 05/26/2015 08:44 AM, Owen DeLong wrote: > >> I think opt-out of password recovery choices on a line-item basis is >> not a bad concept. >> >> For example, I’d want to opt out of recovery with account creation >> date. If anyone knows the date my gmail account was created, they >> most certainly aren’t me. >> >> OTOH, recovery by receiving a token at a previously registered >> alternate email address seems relatively secure to me and I wouldn’t >> want to opt out of that. >> >> (( many more snipped )) >> > > I would definitely opt-out from any kind of "secret questions" that I > couldn't type by myself. > > Many many sites still think this is a good idea. > > Best regards. > -- Blair Trosper p.g.a. S2 Entertainment Partners Desk: 469-333-8008 Cell: 512-619-8133 Agent/Rep: WME (Los Angeles, CA) - 310-248-2000 PR/Manager: BORG (Dallas, TX) - 844-THE-BORG