diff options
Diffstat (limited to 'content/entry/re-against-risk-based-authentication-or-why-i-wouldnt-trust-google-cloud.md')
-rw-r--r-- | content/entry/re-against-risk-based-authentication-or-why-i-wouldnt-trust-google-cloud.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/content/entry/re-against-risk-based-authentication-or-why-i-wouldnt-trust-google-cloud.md b/content/entry/re-against-risk-based-authentication-or-why-i-wouldnt-trust-google-cloud.md index e85ba9e..6773c77 100644 --- a/content/entry/re-against-risk-based-authentication-or-why-i-wouldnt-trust-google-cloud.md +++ b/content/entry/re-against-risk-based-authentication-or-why-i-wouldnt-trust-google-cloud.md @@ -3,7 +3,7 @@ title: "Re: Against risk-based authentication (or, why I wouldn't trust Google C date: 2023-08-10T00:00:01 draft: false --- -I found another [article](https://www.devever.net/~hl/logindenial "Against risk-based authentication (or, why I wouldn't trust Google Cloud)") written by Hugo Landau which discusses the unavailability of risk-based authentication (non-deterministic login). The article also points out how the login systems of many online services seem very poorly thought-out. For those who don't want to read the entire article, here's a short quote which captures the essence of Hugo's critique: +I found another [article](https://www.devever.net/~hl/logindenial "Against risk-based authentication (or, why I wouldn't trust Google Cloud)") written by Hugo Landau which discusses the unavailability of risk-based authentication (non-deterministic login). For those who don't want to read the entire article, here's a short quote which captures the essence of Hugo's critique: > "The problem is precisely this: The credentials you require to access a Google account are essentially indeterminate. Supposedly, for a simple Google account without 2FA enabled, knowledge of the account email and password should be sufficient to access an account; except sometimes, they aren't. Sometimes, Google might randomly decide your login attempt is suspicious, and demand you complete some additional verification step. > |