
Ask HN: What info someone can access if they know my Gmail password? - sarathyweb
Today, our placement cell of University forwarded a message about the recruitment process of a company<p>The company asked the students to create a account on their website with the same password of their personal email ID in their message.<p>Here&#x27;s the message<p><pre><code>  Hi,
  Please find attached the 
  [Company Name] Application 
  Process Guide and 
  instruction below. Please 
  request students to go there 
  the instruction and attached 
  ppt before taking the test.
 
  Please ask them to use 
  Chrome to access the link 
  for test and once they open 
  Chrome they have to 
  type [Registration Link]   
  and start registering please 
  ask them to keep trying to 
  login twice or thrice if 
  they face any error&#x2F;problem.
 
  Note: Please ask them to 
  give their respective roll 
  number as user name and let 
  the password be the one 
  which they use for their 
  personal mail to access. 
  They have to give only their 
  personal email id while 
  registering and not their 
  college id because all the 
  test links will be set to 
  their personal email id 
  only.
</code></pre>
Majority of the students are using Gmail. So, what information they can access if they know my Gmail password?
======
elmerfud
It depends how many Google services you use but it could be a lot. This could
be your mail, your docs, calendar, messenger, voice, etc... Plus other
services that use Google auth.

This request seems very improper for them to request that you set a password
the same as their personal email. This actually violates security best
practices. I would be very suspicious of why they are requesting this. Also
that they specifically state that the registration process may encounter
errors and to keep doing it is also suspicious. Are you sure this is a
legitimate request? It appears to me a phishing attempt to me.

If this is legitimate, this company and your University need to be named so
others can avoid these kind of bad practices.

~~~
sarathyweb
Yes I'm sure this is a legitimate request. This message was sent by the
officials of the college's placement cell

~~~
verdverm
Are you sure it was sent by them? What if they have given out their email
passwords.

You should never have to provide your password. Setup 2FA.

------
duiker101
I'd answer that giving out password is a security breach and they need to
rework their process. Honestly, if they actually are asking for that, I
wouldn't want to work with them.

------
greg_a
That's weird they ask for that.

You can setup a 2FA so that they would need access to your phone as well.

Also, make sure that the email is legit. It could be an attempt to gain access
to your account.

------
GrumpyNl
Wow, normally you only see this in mails from Nigeria.

