Home / Others / Google prohibits integrated logins to stop phishing attacks

Google prohibits integrated logins to stop phishing attacks



Google will soon block the browser's built-in session logons to fight against phishing attacks.
Google will soon block the browser's built-in session logons to fight against phishing attacks.

Image: Thomas Trutschel / Photothek through Getty Images

Google is taking a big step to fight against the attempts of its users.

In the company's security blog, Google Product Manager or Account Security, Jonathan Skelker, announced that the search giant will begin to block the account's login from application-embedded browsers.

The problem with integrated browsers, as Skelker states, is that it leaves Google users susceptible to bad actors' phishing attacks.

Previously, external developers could add web browser instances, such as the Chromium Embedded Framework, to their applications. This allows users to log in to a service with their existing Google account without having to sign up to obtain a new account on a new platform.

While integrated browsers may have made it easier for a user of the application to register or log in, it also made it simpler for a hacker to carry out a phishing attack. Malicious actors can use built-in browser frames to actually look for an unsuspecting user and steal their login credentials.

Unfortunately, Google can differentiate between legitimate logins and a phishing attack through embedded browser frameworks. Because of this, the company has decided to completely ban this login method.

The company is a developer of integrated browsers to switch to browser-based OAuth authentication. Basically, when a user wants to log in to a third-party application using their Google account, the application will open the Google login page through their mobile browser. This way, users can see the URL of the site to make sure it is a legitimate Google page and not an impostor of phishing sites.

Google will begin to block sign-ins from embedded browser frames in June.

Uploads% 252fvideo uploaders% 252fdistribution thumb% 252fimage% 252f91080% 252f8d33fc8e 0fd7 449f b61b 36aac983949a.jpg% 252foriginal.jpg? Signature = qqwdgwlklnkudp7

if (window.mashKit) { mashKit.gdpr.trackerFactory(function() { fbq('track', "PageView"); }).render(); }
Source link