

GMAIL Passwords on GitHub - tawrahim

Its a bit of shame how our developer community handles password. I feel we should know better but unfortunately we are terrible at it. To send an email from your app you simply need to provide a few parameters (username, password) and you are golden. The only thing is that developers commit this sensitive information on github. I simply searched for the term &quot;smtp.gmail.com&quot; on github and bam loads of passwords! My observations,<p>* I tried to login to some of the accounts and gmail asked me to verify who I was. 
* Ruby community seems to be good about storing those details in the ENV<p>Case in point - NEVER DO THIS.<p>https:&#x2F;&#x2F;github.com&#x2F;search?l=java&amp;p=96&amp;q=smtp.gmail.com&amp;type=Code&amp;utf8=%E2%9C%93
======
esaym
At least for me, since I have a second 3rd party email registered with gmail,
if a new device logs in, I will get an email saying there was a new login. 2
factor auth is even better, but a little more of a hassle.

