• jarfil@beehaw.org
    link
    fedilink
    arrow-up
    13
    ·
    edit-2
    11 months ago

    From my superficial glance at the exploit, it abuses Google’s mechanism to keep you logged in on every device you were before a password reset, so “I think” it doesn’t matter how many times you change it. I haven’t dived deeeper or checked what would be a real countermeasure other than logging out everywhere.

    I’ve also marked it to check out how it might interact with passkeys and password-less logins; at first sight, it could be really bad.