Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Google suggested for loging, my private accoun in my work laptop
28 points by mrym_rtngn 51 days ago | hide | past | favorite | 7 comments
I have never logged in to my google account in my work computer. In our work, we use google cloud and we log in to the cloud with our work email. But today when I was connecting to the cloud console from Chrome, chrome was suggesting my private account for login. I wonder how this info was there!! I couldn’t find any trace from history or cookies! Any idea how I can trace from where that recommendation came?

When you say "suggesting", do you mean the email address was auto-filling with your private email address?

If so, this autocomplete data is populated by Chrome from any other site with an 'email' form field - eg. logging into HN.

Had you taken the suggestion, it would still have asked for a password, which Chrome wouldn't have known unless you'd logged in previously, or on any other machine you sync with.

The data may come from other sources, like your phone that can be connected to both the corporate and private emails.

Sounds like you were tricked into "signing in to Chrome".

Look for "Allow Chrome sign-in. By turning this off, you can sign in to Google sites like Gmail without signing in to Chrome" in chrome://settings/syncSetup

Apple has a feature that I heard about, someone wanted to connect to the WiFi but didn't have the password, his friend was on her Mac on that WiFi network and got a prompt if she wanted to share the WiFi password to him (my guess is because they have each other on their phone books).

So if you're working from home on the same WiFi, or if your phone with the Google account has been connected to the work WiFi, Google could be thinking "Ah, they're trying to login, let's offer them their account as auto-complete!".

It's at least one speculation, who knows if they've bothered with such a thing. An idea would be to totally remove Chrome from the work laptop, reinstall it, open Developer Tools, and monitor what data comes as you're trying to login.

Have you logged on to other accounts that are owned by Google? (Youtube, Nest, etc)? Or an account for which you use Google's authentication?

Google log the MAC addresses and IP of the whole network if you ever use google support phone in that network. For example, the YouTube suggestion for the whole network is the same even after you change the network public IP by using VPN or some sort of thing.

Same 2FA backup mobile phone numbers?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact