|
Title: Want Gmail? Best have your mobile handy ! Post by: mobaholic on July 30, 2009, 10:03:25 AM Gmail starts taking numbers According to TheRegister (http://www.theregister.co.uk/2009/07/29/gmail_mobile/), "Users signing up for a Gmail account are now being asked to provide a mobile-phone number in the continuing war against spam, though Google will keep it handy just in case anything else turns up. The new requirement pops up as part of the Gmail sign-up procedure, and requires the user to provide an SMS-capable number to which a security code can be sent. If you don't have a mobile then Google suggests you borrow someone else's, as those without one won't get a Gmail account anymore. You might have thought that once the authentication has been received Google wouldn't need to hang onto your mobile number, but you'd have thought wrong: "Your number will also be associated with your account to avoid unnecessary future verifications for other Google services", though the Do-No-Evil company does clarify: "your number will never be sold or shared for marketing purposes without your permission, nor will we contact you using this number without your express permission". So that's OK then. We contacted Google, who assured us this has nothing to do with harvesting numbers for an imminent launch of Google Voice on this side of the pond. That is a shame, but our charging structure always made it very unlikely. The decreasing cost of text messaging has driven many companies to resort to such out-of-channel security measures, and if it works at reducing the deluge of spam then that's got to be a good thing". Title: Re: Want Gmail? Best have your mobile handy ! Post by: andy on August 14, 2009, 12:25:22 AM I just read something that might be the reasoning behind this
Someone discovered a security glitch, which allowed anyone with a Gmail account to guess another user's password 100 times in 2 hours, 1200 times a day. As many hackers might control well over 100 accounts, that gives a lot of guesses. So it recommends people adopt stronger passowrds, as many don't need all that many attempts. Once cracked, the victim's gmail might be used to send spam http://windowssecrets.com/comp/090806/#story1 http://seclists.org/fulldisclosure/2009/Jul/0254.html Title: Re: Want Gmail? Best have your mobile handy ! Post by: mobaholic on August 14, 2009, 11:41:46 AM I just read something that might be the reasoning behind this Someone discovered a security glitch, which allowed anyone with a Gmail account to guess another user's password 100 times in 2 hours, 1200 times a day. As many hackers might control well over 100 accounts, that gives a lot of guesses. So it recommends people adopt stronger passowrds, as many don't need all that many attempts. Once cracked, the victim's gmail might be used to send spam http://windowssecrets.com/comp/090806/#story1 http://seclists.org/fulldisclosure/2009/Jul/0254.html Thank you for this post andy. :) Although I can see the dangers of password detection and theft, it is not immediately apparent to me how this relates to the need for a mobile number to open an account ? :-\ Furthermore, if you are right about the underlying reasoning, surely the very first thing that gmail should have done is to mail all its readers advising them to change their passwords to ones less easy to crack ? :o If you see the line between cause and effect here more clearly than I do, perhaps we may look forward to your further thoughts please. ;) TIA. Title: Re: Want Gmail? Best have your mobile handy ! Post by: andy on August 14, 2009, 11:54:01 AM well, the reasons may or may not be aligned, but one possible assumption from the text message requirement would be that Gmail had experienced networks of automated spambots signing up, and that a text message helps to prove a human connection, especially if Google keep the number and check it doesn't sign up for more than a few accounts
my speculation wonders if some of these spambots might also be trying to hack other accounts to increase their numbers Title: Re: Want Gmail? Best have your mobile handy ! Post by: mobaholic on August 14, 2009, 12:04:45 PM well, the reasons may or may not be aligned, but one possible assumption from the text message requirement would be that Gmail had experienced networks of automated spambots signing up, and that a text message helps to prove a human connection, especially if Google keep the number and check it doesn't sign up for more than a few accounts my speculation wonders if some of these spambots might also be trying to hack other accounts to increase their numbers Thanks andy. I follow your first point, and rather agree with the speculation in your second. :) |