Bypassing Google's Two-Factor Authentication

Please create an account to participate in the Slashdot moderation system

Bypassing Google's Two-Factor Authentication 49

Posted by timothy on Tuesday February 26, 2013 @11:47AM from the disclaimer-dug-song-is-a-genius-monkey dept.

An anonymous reader writes "The team at Duo Security figured out how to bypass Google's two-factor authentication, abusing Google's application-specific passwords. Curiously, this means that application-specific passwords are actually more powerful than users' regular passwords, as they can be used to disable the second factor entirely to gain control of an account. Duo [publicly released this exploit Monday] after Google fixed this last week — seven months after initially replying that this was expected behavior!"

This discussion has been archived. No new comments can be posted.

Bypassing Google's Two-Factor Authentication

Search 49 Comments Log In/Create an Account

Comments Filter:

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Bypassing Google's Two-Factor Authentication 49

Bypassing Google's Two-Factor Authentication More Login

Bypassing Google's Two-Factor Authentication

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot