Stories
Slash Boxes
Comments

SoylentNews is people

Google Sign-in Page Now Requires JavaScript for Risk Assessment

posted by CoolHand on Thursday November 01 2018, @03:24PM   Printer-friendly
from the sounds-like-a-great-idea dept.

This story from 9to5Google submitted via IRC for chromas

Enable JS for maximum security:

October is Cybersecurity Awareness Month and Google is announcing a slew of new features related to the sign-in process and account usage. New Google Account security protections include requiring JavaScript to be enabled when logging in and removing harmful apps during Security Checkup with Play Protect.

On the Account login page, Google runs a risk assessment that only allows the "sign-in if nothing looks suspicious." This analysis to protect against phishing requires that JavaScript be enabled, with Google noting that only .1% of users have it disabled. If that is the case, you will be prompted to enable it before signing in.

Chances are, JavaScript is already enabled in your browser; it helps power lots of the websites people use everyday. But, because it may save bandwidth or help pages load more quickly, a tiny minority of our users (0.1%) choose to keep it off. This might make sense if you are reading static content, but we recommend that you keep Javascript on while signing into your Google Account so we can better protect you

Once users are signed in, the Security Checkup feature now takes into account nefarious applications installed on Android devices, with Google Play Protect leveraged. You might be prompted to uninstall any harmful apps found on your phone, while Google recently beginning to recommend that users removed unused, but logged in devices.

Also at VentureBeat, ZDNet

Original Submission

 
This discussion has been archived. No new comments can be posted.
Google Sign-in Page Now Requires JavaScript for Risk Assessment | Log In/Create an Account | Top | 55 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Interesting) by zocalo on Thursday November 01 2018, @05:19PM

    by zocalo (302) on Thursday November 01 2018, @05:19PM (#756521)
    I don't have a problem with the concept, but I think this is a good opportunity to see where Google draws the line on respecting their user's preferences. OK, they want us to enable JavaScript so they can make things more secure. I'm fine with that. What I'm NOT fine with is having to do so across *.google.com (plus any relevant ccTLDs), especially since "google.com" includes their Cloud platform which can contain all kinds of crap they have no control over. I've not had a chance to look into this yet, but if they just let me just whitelist "signin.google.com" or some such in addition to the handful of other Google sites I allow scripts for and I'll consider it, but if I've got to start picking out specific scripts from semi-random hostnames in Google's CDN rather than whitelisting *.google.com then it just isn't going to happen.
    --
    UNIX? They're not even circumcised! Savages!
    Starting Score:    1  point
    Moderation   +2  
       Interesting=2, Total=2
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   4