Publishing Your Passwords on The Internet

Would you tell your GMail password to a friend? Your colleagues in the office? Publish it on the Internet?

If the answer to any of these is “NO“, you should turn off automatic synchronization on your Android smartphone and never use it in open Wifi networks.

The reason is that Google uses something called a “token” to allow apps your smartphone to connect to Google services like your mail box, your calendar, etc. The token is like a key on your keychain: Anyone who has the key can open the door it fits. Unlike keys on your key chain, anyone who can pick a token out of the air knows where that door is!

Related article: Catching AuthTokens in the Wild

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s