From my superficial glance at the exploit, it abuses Google’s mechanism to keep you logged in on every device you were before a password reset, so “I think” it doesn’t matter how many times you change it. I haven’t dived deeeper or checked what would be a real countermeasure other than logging out everywhere.
I’ve also marked it to check out how it might interact with passkeys and password-less logins; at first sight, it could be really bad.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@beehaw.org
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
From my superficial glance at the exploit, it abuses Google’s mechanism to keep you logged in on every device you were before a password reset, so “I think” it doesn’t matter how many times you change it. I haven’t dived deeeper or checked what would be a real countermeasure other than logging out everywhere.
I’ve also marked it to check out how it might interact with passkeys and password-less logins; at first sight, it could be really bad.
deleted by creator