Google has introduced a new feature called Restore Credentials which saves your app login info and restores it seamlessly on new devices.

  • kolorafa@lemmy.world
    2 days ago

    proper authentication protocol do not send your password to Google to authenticate

    That is not true for 99% of services, including Google. Google has the plain-text password at the time you are logging in; they just store a hashed+salted version in storage.

    (Almost) no website (or app) hashes the password before sending it to the server, so if you hack the login screen you can dump RAW passwords anytime.

    • coherent_domain@infosec.pub
      14 hours ago

      You are right. I have done some research; it seems most people think that client-side hashing is unnecessary in an HTTPS setting.

      That is my misunderstanding.
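
The login flow discussed in this thread, as an added example that is not part of any comment and is not Google's code: the server receives the secret inside the TLS session and persists only a salted hash of it. `CredentialStore`, `client_prehash` and the iteration count are assumptions; the pre-hash variant goes slightly beyond the thread to show that a client-side hash simply becomes the secret the server still has to salt and hash.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # demo value (assumption); tune for real hardware


def derive(secret: str, salt: bytes) -> bytes:
    """Slow salted hash of whatever secret the login request carried."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, ITERATIONS)


class CredentialStore:
    """Hypothetical server-side store: persists only (salt, derived hash)."""

    def __init__(self) -> None:
        self._records: dict[str, tuple[bytes, bytes]] = {}

    def register(self, username: str, secret: str) -> None:
        salt = os.urandom(16)  # fresh random salt per account
        self._records[username] = (salt, derive(secret, salt))

    def verify(self, username: str, secret: str) -> bool:
        # `secret` arrives in the clear inside the TLS session, so the server
        # process holds it in memory for the duration of this call.
        record = self._records.get(username)
        if record is None:
            derive(secret, b"\x00" * 16)  # same work for unknown users
            return False
        salt, stored = record
        return hmac.compare_digest(derive(secret, salt), stored)

    def stored_record(self, username: str) -> tuple[bytes, bytes]:
        return self._records[username]


def client_prehash(username: str, password: str) -> str:
    """Constructed client-side scheme: hash in the login form before sending."""
    return hashlib.sha256(f"{username}:{password}".encode("utf-8")).hexdigest()


if __name__ == "__main__":
    store = CredentialStore()
    store.register("alice", "correct horse")       # constructed sample account
    print(store.verify("alice", "correct horse"))  # plaintext seen at login
    pre = client_prehash("carol", "correct horse")
    store.register("carol", pre)                   # server still salts + hashes
    print(store.verify("carol", pre), store.verify("carol", "correct horse"))
```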