You might remember just a few months ago when a “Google Docs” spam message was wreaking havoc throughout the Googlesphere. That phishing attempt relied on a malicious plugin that simply called itself “Google Docs” to try and convince users to click. Once clicked, the plugin asked users to log in via their Google credentials, and that’s when the problems really started. Google is taking additional steps to add protections to prevent these types of phishing attacks in the future. Simply put, browser plugins will be more rigorously vetted under the new system.
Google previously tightened its developer registration systems shortly after the “Google Docs” incident in order to reduce the chances of a rogue plugin getting through. This most recent update adds additional protections by prompting users when any unverified apps or plugins are attempting to access their data. Users are still able to provide access to these plugins, they’ll just need to jump through significantly more hoops in order to do so.
As you can see, there are a minimum of three extra steps required even after you’ve initially allowed access, making it exceedingly difficult to accidentally proceed in this instance. Requiring that the user type a passphrase in order to continue adds an additional layer of complexity to the process, meaning you can’t just keep tapping through. Google believes these new protections ought to significantly reduce the chances of a repeat of “Google Docs.”
What do you think about these new phishing protections? Do they go far enough, or is there anything more you’d like Google to do to better protect your data? Let us know in the comments below or on Google+, Twitter, or Facebook.