Today, the placement cell of our University forwarded a message about the recruitment process of a company.<p>In their message, the company asked the students to create an account on their website with the same password as their personal email ID.<p>Here's the message:<p><pre><code> Hi,
Please find attached the
[Company Name] Application
Process Guide and
instruction below. Please
request students to go there
the instruction and attached
ppt before taking the test.
Please ask them to use
Chrome to access the link
for test and once they open
Chrome they have to
type [Registration Link]
and start registering please
ask them to keep trying to
login twice or thrice if
they face any error/problem.
Note: Please ask them to
give their respective roll
number as user name and let
the password be the one
which they use for their
personal mail to access.
They have to give only their
personal email id while
registering and not their
college id because all the
test links will be set to
their personal email id
only.
</code></pre>
The majority of the students are using Gmail. So, what information can they access if they know my Gmail password?
It depends on how many Google services you use, but it could be a lot. This could be your mail, your docs, calendar, messenger, voice, etc. Plus other services that use Google auth.<p>It seems very improper for them to request that you set a password the same as their personal email. This actually violates security best practices. I would be very suspicious of why they are requesting this. That they specifically state that the registration process may encounter errors, and to keep trying, is also suspicious. Are you sure this is a legitimate request? It appears to me to be a phishing attempt.<p>If this is legitimate, this company and your University need to be named so others can avoid these kinds of bad practices.
I'd answer that giving out a password is a security breach and they need to rework their process. Honestly, if they actually are asking for that, I wouldn't want to work with them.
That's weird that they ask for that.<p>You can set up 2FA so that they would need access to your phone as well.<p>Also, make sure that the email is legit. It could be an attempt to gain access to your account.