{"id":13778,"date":"2018-11-07T09:10:11","date_gmt":"2018-11-07T17:10:11","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2018\/11\/07\/news-7545\/"},"modified":"2018-11-07T09:10:11","modified_gmt":"2018-11-07T17:10:11","slug":"news-7545","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/11\/07\/news-7545\/","title":{"rendered":"Google logins: JavaScript now required"},"content":{"rendered":"

Credit to Author: Christopher Boyd| Date: Wed, 07 Nov 2018 16:00:00 +0000<\/strong><\/p>\n

Google users: In news that may sound alarming, it is now a requirement for you to enable JavaScript.<\/p>\n

Why? When your username and password are entered on Google\u2019s sign-in page, Google runs a risk assessment and only allows the sign-in if nothing looks suspicious. Recently, Google went about improving this analysis and now requires JavaScript in order to run their assessment. Want to use some of those comprehensive security enhancements for your account? Then JavaScript must be enabled<\/a>, or you won\u2019t be able to log in.\u00a0JavaScript is now your forever friend.<\/p>\n

What is JavaScript?<\/h3>\n

If you use websites such as portals or social media platforms, you likely run into JavaScript all the time. It\u2019s a programming language<\/a> used for all sorts of interactive effects in games and basic operations like logins. It ticks away in the background alongside cascading style sheets and HTML for a solid browsing experience.<\/p>\n

It\u2019s now a core slice of the Google login pie, and you will absolutely have to try a slice.<\/p>\n

What has changed?<\/h3>\n

When using the Google sign-in page, you won’t get any further if you have JavaScript disabled. This could be frustrating for some users, given how much important data can be stored in a Google account. Why has the drawbridge come up? In a nutshell, to keep you safe from the many scams and attacks aimed at Google users.<\/p>\n

Google accounts have a whole variety of safety measures to keep would-be compromisers out. If someone manages to obtain your password and tries to sign in as you, Google runs some checks. If they flag certain unusual activity, such as logins from another country, they\u2019ll request additional verification.<\/p>\n

Google can\u2019t do any of this without JavaScript up and running, so moving forward you\u2019ll have to switch it on<\/a>.<\/p>\n

Is this a problem?<\/h3>\n

I mean\u2026no, I don\u2019t think it is. JavaScript shows up in a lot of attacks<\/a>, and we don’t want anybody becoming complacent. It is, however, possible to impede your own preferred browsing behaviour unnecessarily.<\/p>\n

There\u2019s one school of security thinking which is a little like security nihilism. Essentially, everything is a threat and we must reduce the attack surface. Okay, fine. The problem is, for some, this turns into a game of \u201cremove absolutely everything from the device.\u201d At what point do we stop and look in wonder at our expensive, utterly non-functional box?<\/p>\n

You probably have JavaScript enabled right now, unless you\u2019re highly security-centric or super keen on having the fastest loading times possible. It\u2019s usually one of the most common complaints related to script blocker extensions. \u201cI blocked them, and nothing works. Now what?\u201d<\/p>\n

The Sun has the blocker fired directly into its heart, that’s what. If you want to strip out the functionality of browsers, there is always going to be a price to pay. For example, the earliest ad blocker\/script blocker tools often made everything nigh on unusable. Thankfully, ad blockers have stepped up their game<\/a> and are now part of a healthy, balanced cybersecurity hygiene routine.<\/p>\n

Good news, the choice is easy<\/h3>\n

Google estimates the impact of their new JavaScript requirement is likely to be small\u2014supposedly only 0.1 percent of their users have it switched off. At this point, they\u2019re going to have to make a choice.<\/p>\n

This isn\u2019t a stark \u201cone thing or the other\u201d decision. There\u2019s absolutely nothing preventing someone from enabling JavaScript purely for logins, then switching off afterwards. Yes, there are JavaScript exploits out there, but there\u2019s an exploit for pretty much everything anyway. You are unlikely to hit any sort of trouble switching it on just to sign in.<\/p>\n

As was mentioned on the Daily Swig blog<\/a>, surfers such as those using TOR are likely to be the most impacted. If you\u2019re on TOR and trying to use Google services, you may have to force yourself to switch. If you still won\u2019t use an alternate browser for Googling, perhaps\u00a0ultimately, you may have to find\u00a0another provider.<\/span><\/p>\n

For everyone else, this is a good thing and will help keep your accounts more secure in the long run.<\/p>\n

The post Google logins: JavaScript now required<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Christopher Boyd| Date: Wed, 07 Nov 2018 16:00:00 +0000<\/strong><\/p>\n\n\n\n
<\/a><\/td>\n<\/tr>\n
Google now requires users to enable JavaScript before logging in for extra security measures. But wait, hasn’t JavaScript been used in cyberattacks? We take a look at the impact of Google’s decision.<\/p>\n

Categories: <\/p>\n