From ba9691f0a14e5d908d24db39c37f44f2873a51ae04f9818007ec247d0cf4df27 Mon Sep 17 00:00:00 2001 From: Nicholas Johnson Date: Tue, 15 Aug 2023 00:00:00 +0000 Subject: Remove incorrect statement I confused this article with another. --- ...nst-risk-based-authentication-or-why-i-wouldnt-trust-google-cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/entry/re-against-risk-based-authentication-or-why-i-wouldnt-trust-google-cloud.md b/content/entry/re-against-risk-based-authentication-or-why-i-wouldnt-trust-google-cloud.md index e85ba9e..6773c77 100644 --- a/content/entry/re-against-risk-based-authentication-or-why-i-wouldnt-trust-google-cloud.md +++ b/content/entry/re-against-risk-based-authentication-or-why-i-wouldnt-trust-google-cloud.md @@ -3,7 +3,7 @@ title: "Re: Against risk-based authentication (or, why I wouldn't trust Google C date: 2023-08-10T00:00:01 draft: false --- -I found another [article](https://www.devever.net/~hl/logindenial "Against risk-based authentication (or, why I wouldn't trust Google Cloud)") written by Hugo Landau which discusses the unavailability of risk-based authentication (non-deterministic login). The article also points out how the login systems of many online services seem very poorly thought-out. For those who don't want to read the entire article, here's a short quote which captures the essence of Hugo's critique: +I found another [article](https://www.devever.net/~hl/logindenial "Against risk-based authentication (or, why I wouldn't trust Google Cloud)") written by Hugo Landau which discusses the unavailability of risk-based authentication (non-deterministic login). For those who don't want to read the entire article, here's a short quote which captures the essence of Hugo's critique: > "The problem is precisely this: The credentials you require to access a Google account are essentially indeterminate. Supposedly, for a simple Google account without 2FA enabled, knowledge of the account email and password should be sufficient to access an account; except sometimes, they aren't. Sometimes, Google might randomly decide your login attempt is suspicious, and demand you complete some additional verification step. > -- cgit v1.2.3