Google launches new security features to protect users from unverified apps

I like the forced UX of typing something, though "continue" might be glossed over. It would be an interesting study to determine if typing "I know the risk" is a better safety mechanism for users (can be A/B tested for less pass-through events) than "continue".

I'm not sure I'm a fan of the way Google is re-using the Chrome error page styling for this, but I can't put my finger on why exactly...

I just can't shrug off the thought that manual review approach is a lost game in the long run. It's a process than requires skilled human and can't be fully automated while generating malicious code perfectly can.

Does this also appear on websites only using Google OAuth for authentication, requesting only the email address?

But they still don't let you create app-specific passwords/tokens without enabling 2FA. How they think enabling "less secure apps" is better is beyond me. Trying to force an office full of luddites into 2FA does not go down well.

&gt; Type Continue to go to example.com<p>User types &quot;continue&quot;

In case you don&#x27;t feel like clicking, this doesn&#x27;t concern Android apps, but OAuth apps that want access to your Google account.

No point 0Auth apps if google has access to it. Rather pay for my e-mail service than to use google, whose source of revenue is directly in conflict with my interest of privacy and security.<p>I highly recommend protonemail.com. Has all the bells and whistles and its major feature is user privacy and security.

Google has become the judge, the jury and the executioner of the internet. Recently a malicious user embedded an image from a site that is on Google&#x27;s Safe Browsing list in a forum that is itself embedded on a third party site. This nuked a popular third party site where the forum is embedded: it is now flashing red (malicious software detected) in Chrome.