Another important note; these attacks cross sites. Your friends who want you to buy drugs in mail today will want you to win a free iPad on Facebook next month. They need to change all the places that use that password, preferably to unique passwords.
Elizabeth
[email protected]

On Nov 8, 2010, at 7:25 AM, Tom Limoncelli <[email protected]> wrote:

> Since I work for Google and am very visible on mailing lists a lot of
> people reach out to me when their friend's email account gets
> hijacked. I don't know any official statistics or if it is getting
> better or worse.
>
> However, there have been a number of new features related to this
> lately. Gmail now randomly prompts people to verify that their
> recovery information is still valid (you'd be amazed at how many of my
> friends couldn't use the recovery procedure because their phone number
> or alternate email address had changed). The recovery procedure has
> been greatly reworked and improved.
>
> MOST IMPORTANTLY: If you have a friend that uses Gmail / Google apps,
> please please please beg them to enable two-factor authentication.
>
> http://techcrunch.com/2010/09/20/google-secure-password/
>
> I've been an advocate of two-factor auth for 15 years. TOSANA touted
> it but back then it was an expensive, pie-in-the-sky feature for most
> sites. Now that nearly everyone carries a phone that can be your
> hand-held-authenticator and/or receive text messages the old excuses
> of high cost and social acceptance are fading.
>
> I'm not speaking officially for my employer, but please encourage your
> non-technical friends to try these new features. They might not
> understand technical issues about cookie hijacking, brute force
> attacks, etc. but they intuitively understand "only people with my
> cell phone can use my account".
>
> Tom
>
> --
> http://EverythingSysadmin.com -- my blog (new posts Mon and Wed)
> http://www.TomOnTime.com -- my advice (more videos coming soon)
> _______________________________________________
> Tech mailing list
> [email protected]
> http://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
