Spent the day promising journalists the security keys I was setting them up with defended against phishing, and came home to fucking OAuth
Replying to @Pinboard
Google let app be named "Google Doc". How are people supposed to deal with this? Let us hope there is no payload here. :-(
My advice to friends was: If you click anything in email and it prompts for permissions, confirm with the (nominal) sender.
Wouldn't completely help in this instance, because people do send Google docs.
Right, but if you ask someone "did you send me a Google Doc just now," in this case they would likely say no. Not perfect, but something.
The workflow really doesn't realistically allow this. Very hard to routinize against rare threat. People are exchanging Google docs all day.
Right, that's why I suggest to only do it if you are unexpectedly prompted for new permissions.
"Unexpected" is not all easy to discern.
Yep, definitely agreed there. Constantly-changing software UI makes this especially hard.
They JUST changed their login screen, too.