
Guidance to developers affected by our effort to block less secure browsers/apps - andybak
https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html
======
andybak
This was just posted with a heavily editorialized title ("Google announces
plan to break password managers in name of security") and promptly flagged.

However - I think it's worth having a discussion about this. I don't see the
issue.

Can someone explain? Embedded browsers are a terrible way to offer 3rd party
oAuth login. Apps _should_ redirect to a browser for the login flow.

Anything else trains users that typing their password for company A into an
app from company B is fine. And surely that means phishing becomes trivial.

On the original post the comment was:

> Key Quote: > > The browser must not provide automation features. This
> includes scripts that automate keystrokes or clicks, especially to perform
> automatic sign-ins.

