Looking for a new offshore email provider?
[QUOTE="notabot, post: 843327, member: 75970"]
What I'm saying is not that the dangers you mention are not valid, but they are related to the processes for resetting credentials, not 2FA per se.

Google is one company who got it right in hardening credentials reset with their Advanced Protection Program: you lose your U2F dongle, bye bye new logins unless you pass a really long and tenuous process.

ProtonMail could learn from them in that department.

If you want to harden it even more and completely block resetting credentials, that offers a tiny bit more security compared to Advanced Protection (as due to the long interval and tenuous process it's hard to get through it via social engineering), but with the risk of a huge hassle: not being able to ever again access your email.

In any case, at the moment they do not have hardened processes around resetting credentials, but if/when they do, I'd expect them to adopt a credentials reset process on the merit of what most of their users deem sufficient for their needs and the inconveniences alternatives may introduce.
[/QUOTE]