On Tue, 2015-02-10 at 00:27 +1030, Tim wrote: > And a new security flaw to deal with: Steal my phone, try to log in > to > my mail, and it fails because you don't know my password, click the > "I've forgotten my password" link, and the stupid service uses my > mobile > phone to confirm something, and now you're into my mail. Or, steal my > phone and throw it away, and I've been locked out of my mail. Or, for > some reason I have to change my phone number, I get locked out of > things. I'm afraid my eyes also glazed over reading your very long post Tim, but just to cherry-pick this specific point: Gmail 2FA allows you to print a list of 10 authentication codes for use in case you lose your phone or change the number (and of course changing the number just means registering the new one when logged in). You can of course also lock your phone and disable it remotely. It may not be perfect but it's a long way better than any practical large-scale alternative anyone has thought of so far. There is no magic bullet for security. poc -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
