Google has introduced a new feature called Restore Credentials, which saves your app login info and restores it seamlessly on new devices.

  • @kolorafa
    1 month ago

    proper authentication protocol do not send your password to Google to authenticate

    That is not true for 99% of services, including Google. Google have a plain-text password at the time you are logging in; they just store a hashed+salted version in storage.

    (Almost) no website (or app) is hashing the password before sending it to the server, so if you hack the login screen you can dump RAW passwords anytime.

    • @[email protected]
      11 month ago

      You are right. I have done some research; it seems most people think that client-side hashing is unnecessary in an HTTPS setting.

      That is my misunderstanding.
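The point settled in this thread, as an added example that is not part of either comment: the server receives the password over TLS and stores only a salted hash, and hashing on the client first does not change what the server has to trust, because whatever value crosses the wire is the credential. The function names, the site string, the password and the PBKDF2 iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2 cost chosen for this example (assumption)

def register(secret: str) -> dict:
    """Server side: receives the secret over TLS, keeps only salt + hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}

def verify(record: dict, submitted: str) -> bool:
    """Server side: re-derive from what was submitted, compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", submitted.encode(), record["salt"], ITERATIONS
    )
    return hmac.compare_digest(digest, record["hash"])

def client_prehash(password: str, site: str) -> str:
    """Hypothetical client-side hashing step performed before sending."""
    return hashlib.sha256(f"{site}:{password}".encode()).hexdigest()

def demo() -> dict:
    site = "example.test"                      # constructed
    password = "correct horse battery staple"  # constructed

    # Scheme 1: plaintext password sent over TLS, hashed+salted at rest.
    rec_plain = register(password)

    # Scheme 2: client hashes first; the server still hashes+salts what it gets.
    wire_value = client_prehash(password, site)
    rec_pre = register(wire_value)

    return {
        "plain_login_ok": verify(rec_plain, password),
        "plain_wrong_rejected": not verify(rec_plain, "wrong password"),
        "prehash_login_ok": verify(rec_pre, client_prehash(password, site)),
        # The server cannot tell a freshly derived hash from a resubmitted one:
        # the wire value alone is enough to log in, just like a password.
        "wire_value_alone_logs_in": verify(rec_pre, wire_value),
        # Storage never contains the submitted secret in either scheme.
        "secret_not_in_storage": password.encode() not in rec_plain["hash"]
        and wire_value.encode() not in rec_pre["hash"],
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In both schemes the transport (HTTPS) protects the value in transit and the salted server-side hash protects it at rest; the client-side hash only changes which string plays the role of the password.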