Since I work for Google and am very visible on mailing lists a lot of
people reach out to me when their friend's email account gets
hijacked.  I don't know any official statistics or if it is getting
better or worse.

However, there have been a number of new features related to this
lately.  Gmail now randomly prompts people to verify that their
recovery information is still valid (you'd be amazed at how many of my
friends couldn't use the recovery procedure because their phone number
or alternate email address had changed).  The recovery procedure has
been greatly reworked and improved.

MOST IMPORTANTLY:  If you have a friend that uses Gmail / Google apps,
please please please beg them to enable two-factor authentication.

           http://techcrunch.com/2010/09/20/google-secure-password/

I've been an advocate of two-factor auth for 15 years.  TOSANA touted
it but back then it was an expensive, pie-in-the-sky feature for most
sites.  Now that nearly everyone carries a phone that can be your
hand-held-authenticator and/or receive text messages the old excuses
of high cost and social acceptance are fading.

I'm not speaking officially for my employer, but please encourage your
non-technical friends to try these new features.  They might not
understand technical issues about cookie hijacking, brute force
attacks, etc. but they intuitively understand "only people with my
cell phone can use my account".

Tom

-- 
http://EverythingSysadmin.com -- my blog (new posts Mon and Wed)
http://www.TomOnTime.com -- my advice (more videos coming soon)
_______________________________________________
Tech mailing list
[email protected]
http://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/
