This repository has been archived by the owner on Jul 6, 2022. It is now read-only.

Authentication process provides no basis of trust #53

Closed
Ziraya opened this issue Mar 31, 2017 · 1 comment

Comments


Ziraya commented Mar 31, 2017

When going through the authentication process for Google, the user is presented with a sparse window with a black header stating "authorization required", displaying what appears to be the Google login form; this apparent web view is sandboxed, so the user must enter their credentials. This page is devoid of any means by which the user could reasonably ascertain that this is an authentic Google form, or that it is connected over a secure connection.

Therefore the only reasonable position for the user to take is to assume that this is a phishing attempt and refuse to enter anything.

Because this is sandboxed, the user is unable to make use of an already established login, such as can be performed by going directly to Pushbullet's website for the first time after having signed into Google directly.

Owner

jariz commented Mar 31, 2017

Duplicate of #44.

jariz closed this as completed Mar 31, 2017