Also. HOW do you know it’s a real Google sign-in instead of a fake password stea... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jackjeff on Nov 14, 2020 \| parent \| context \| favorite \| on: Don't use third party auth to sign in Also. HOW do you know it’s a real Google sign-in instead of a fake password stealing form? We’ve trained generations of users to accept it’s alright to give their Google/Facebook/Twitter credentials to any random site under the sun.

drivebycomment on Nov 14, 2020 [–]

Only type your Google password if the site is accounts.google.com.

https://www.wordfence.com/blog/2017/01/gmail-phishing-data-u...

Better yet, use FIDO.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact