|
|
|
|
|
|
by andreasvc
5185 days ago
|
|
|
Yes, that would be better for the user, but this is a free service, and Google has not much too gain from making the process more complicated (imaginative) and thus more error-prone. As a user you have the responsibility of keeping your password absolutely safe, if you do that (and better yet use 2-factor auth), nothing should go wrong. Your option 1) boils down to adding more "passwords" by which the user can authenticate itself, so it's not a fundamentally better protection as they can be guessed by an attacker as well. Requiring a text message confirmation for password changes might be a better idea. |
|
|
Google has a lot to gain from people entrusting them with their data, that's why they provide a free email service in the first place.
It would be a mistake to think that trust is linear. You can't just treat a few people very badly without risking a major backlash against your business model.