workflows.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Han-Wen Nienhuys <hanwen@google.com>
To: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>, workflows@vger.kernel.org
Subject: Re: Gmail (was: Re: lore+lei: part 2, now with IMAP)
Date: Tue, 16 Nov 2021 13:18:48 +0100	[thread overview]
Message-ID: <CAFQ2z_M_PbuL8BzwDeLxgU8=i5ei6Y4UDoLFoP_hcum+SESRBg@mail.gmail.com> (raw)
In-Reply-To: <20211115214641.lxo5zhttrqq6mx2z@nitro.local>

On Mon, Nov 15, 2021 at 11:59 PM Konstantin Ryabitsev
<konstantin@linuxfoundation.org> wrote:
>
> On Mon, Nov 15, 2021 at 07:34:00PM +0100, Geert Uytterhoeven wrote:
> > On a related subject, I am using Gmail for email (e.g. patch review),
> > but not for actual patch submission (git send-email through my ISP's
> > SMTP server). I do have app passwords set up for git send-email on
> > my laptop (if I ever need to send patches while on the road, barely
> > used so far) and for backing up email using getmail.
> >
> > Recently I received an email from Google that my account may be "at
> > greater risk of targeted attack", and that they recommend enrolling
> > into Google's strongest account security offering, the Advanced
> > Protection Program.  Apparently this makes use of a hardware token,
> > the Titan Security Key.
>
> Well, I'm sure they wouldn't mind if you paid them money for a "Titan Security
> key", but it's really just a rebranded Chinese-made U2F token and, as such,
> not any different from any other U2F security key. You can get one from

Most electronics are made in China, but the Titan is set apart because
it was designed by Google, and was certified for FIPS 140-2,

https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3361.pdf

If assurances about secure hardware implementations aren't important
to you, you can use any U2F device. If you have USB ports to spare, I
can recommend the Yubikey Nano, which you can just leave in a USB port
permanently. I also have a HyperFIDO Titanium Pro (from HyperSECU) on
my keychain which is very sturdy.

-- 
Han-Wen Nienhuys - Google Munich
I work 80%. Don't expect answers from me on Fridays.
--
Google Germany GmbH, Erika-Mann-Strasse 33, 80636 Munich
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado

  parent reply	other threads:[~2021-11-16 12:19 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-11-12 19:13 lore+lei: part 2, now with IMAP Konstantin Ryabitsev
2021-11-15 18:34 ` Gmail (was: Re: lore+lei: part 2, now with IMAP) Geert Uytterhoeven
2021-11-15 21:46   ` Konstantin Ryabitsev
2021-11-16  8:01     ` Geert Uytterhoeven
2021-11-16  8:04       ` Drew DeVault
2021-11-16  8:26         ` Geert Uytterhoeven
2021-11-16  8:29           ` Drew DeVault
2021-11-16 13:49             ` Konstantin Ryabitsev
2021-11-16 13:51               ` Drew DeVault
2021-11-16 14:04                 ` Konstantin Ryabitsev
2021-11-16 13:35       ` Konstantin Ryabitsev
2021-11-16 12:18     ` Han-Wen Nienhuys [this message]
2021-11-22 14:37 ` lore+lei: part 2, now with IMAP Jani Nikula
2021-11-22 15:07   ` Konstantin Ryabitsev

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAFQ2z_M_PbuL8BzwDeLxgU8=i5ei6Y4UDoLFoP_hcum+SESRBg@mail.gmail.com' \
    --to=hanwen@google.com \
    --cc=geert@linux-m68k.org \
    --cc=konstantin@linuxfoundation.org \
    --cc=workflows@vger.kernel.org \
    --subject='Re: Gmail (was: Re: lore+lei: part 2, now with IMAP)' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).