summaryrefslogtreecommitdiff
path: root/content
diff options
context:
space:
mode:
Diffstat (limited to 'content')
-rw-r--r--content/entry/re-against-risk-based-authentication-or-why-i-wouldnt-trust-google-cloud.md2
1 files changed, 1 insertions, 1 deletions
diff --git a/content/entry/re-against-risk-based-authentication-or-why-i-wouldnt-trust-google-cloud.md b/content/entry/re-against-risk-based-authentication-or-why-i-wouldnt-trust-google-cloud.md
index e85ba9e..6773c77 100644
--- a/content/entry/re-against-risk-based-authentication-or-why-i-wouldnt-trust-google-cloud.md
+++ b/content/entry/re-against-risk-based-authentication-or-why-i-wouldnt-trust-google-cloud.md
@@ -3,7 +3,7 @@ title: "Re: Against risk-based authentication (or, why I wouldn't trust Google C
date: 2023-08-10T00:00:01
draft: false
---
-I found another [article](https://www.devever.net/~hl/logindenial "Against risk-based authentication (or, why I wouldn't trust Google Cloud)") written by Hugo Landau which discusses the unavailability of risk-based authentication (non-deterministic login). The article also points out how the login systems of many online services seem very poorly thought-out. For those who don't want to read the entire article, here's a short quote which captures the essence of Hugo's critique:
+I found another [article](https://www.devever.net/~hl/logindenial "Against risk-based authentication (or, why I wouldn't trust Google Cloud)") written by Hugo Landau which discusses the unavailability of risk-based authentication (non-deterministic login). For those who don't want to read the entire article, here's a short quote which captures the essence of Hugo's critique:
> "The problem is precisely this: The credentials you require to access a Google account are essentially indeterminate. Supposedly, for a simple Google account without 2FA enabled, knowledge of the account email and password should be sufficient to access an account; except sometimes, they aren't. Sometimes, Google might randomly decide your login attempt is suspicious, and demand you complete some additional verification step.
>