Kudos to the Google Security System

While others are still dabbling with OAuth2 – Google does some really sensible stuff!

“Dominick,
Someone recently tried to use an application to sign in to your Google Account. We prevented the sign-in attempt in case this was a hijacker trying to access your account. Please review the details of the sign-in attempt:

Tuesday, February 19, 2013 4:36:30 PM UTC
IP Address: 80.232.78.190
Location: Norway

If you do not recognize this sign-in attempt, someone else might be trying to access your account. You should sign in to your account and reset your password immediately. Find out how at …”

I am indeed in Norway (which I am normally not) and tried to read my Google Reader blogs with a 3rd party application (Reeder). Nicely done!

I should add that I got this email the moment Reeder gave me an “access denied”, and that unlocking was very easy as well.

On a related note – the OAuth2 threat model document is required reading for anyone implementing any piece of OAuth2.
