Collaborate Disseminate
I was reading this response on SE about 2FA:
Well, I hate to break this to you, but Google Authenticator plus
password isn’t really two-factor authentication. Proper 2FA is two
separate items out of traditionally the triad "something… Continue reading Is 2FA based on Google Authenticator Real?
They say a chain is only as secure as its weakest link. When it comes to account security it seems to me that the Forgot My Password functionality is the weakest link in the security chain because it only requires an attacker to gain acces… Continue reading Forget Me Not? Abandoning the Forgot Password Functionality
I’ve seen quite a few security centric sites enforce this policy:
Your username can only be changed once
My question is: Is this done from a security standpoint? If yes, what is the logic behind it? My initial impression is that once you… Continue reading Your username can only be changed once?
Assume I ask someone to create a filter in their Gmail account that automatically forwards certain emails to my inbox. If the original email was protected with DMARC, would the forwarded email also be protected? Or does it lose the protect… Continue reading Do fowarded emails retain DMARC protection?
I have an application that rewards users for placing orders with certain merchants. In order to verify that the order was actually placed and delivered, a user is required to grant us read access to a new Gmail Inbox that is created and sh… Continue reading Is it Safe to Rely on Gmail API to Reward Users for Placing Orders on Merchant Sites?