Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Application-specific passwords weaken Google's two-factor authentication, researchers say

Lucian Constantin | Feb. 27, 2013
Researchers discovered a loophole in Google's authentication system that allowed them to bypass the company's 2-step login verification by abusing the unique passwords used for individual applications.

That said, the researchers would like to see Google implement some kind of mechanism similar to OAuth tokens that would allow restricting the privileges of every individual application-specific password.

Google did not immediately respond to a request for comment about this flaw or possible plans to implement more granular control for application-specific passwords in the future.


Previous Page  1  2 

Sign up for Computerworld eNewsletters.