HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
Here's how an attacker can bypass Google’s two-step login verification and gain full control of your account by capturing a user’s application-specific password ASP.
We think it’s a rather significant hole in a strong authentication system if a user still has some form of “password” that is sufficient to take over full control of his account. However, we’re still confident that — even before rolling out their fix — enabling Google’s 2-step verification was unequivocally better than not doing so.