
There are several reasons not to do this:

1. Unless Google can roll this out in a short timeframe to all their properties with 100% reliability, it's basically useless. If half of their login screens don't have it, there's no way for a consumer to tell the difference between a hacked site and a legitimate malfunction (such as a cleared cache, or fresh computer installation). Luckily, Google's web logins are already centralized, but people also log into Chrome, their Android devices, etc.

2. You can never remove the customization. You better be sure you want to support custom images forever, because you are committing to a promise: your customers' login screens will look exactly the same from now on. The only way to migrate away from it is to bite the bullet and deal with a ton of people who think that their browser or Google has been hacked because it's missing their custom picture.

That's too much commitment to a stopgap measure for a password form that Google wants to obsolete anyways. They'd rather have you authenticate to your browser or via a device anyways, long term.
1. Even if they roll it out to all their login pages, fresh computers are still a problem (it is addressed in the article), but the current state of affairs is that "users can't tell the difference between a hacked site and a legitimate site". When this system fails it is just as bad as the current system; when it is set up it is significantly safer.

> You can never remove the customization.

2. Google can just announce they are moving away from the customized login page on their login page. The customized login page is trusted, so the new information is trusted.

The customization can be framed as an extra security measure that power users who want to protect themselves from phishing attacks can set up on their home computer. Similar to the way Google rolled out two-factor authentication.

> They'd rather have you authenticate to your browser or via a device anyways, long term.

Long term this is right: login screens will move off of the browser, but security must be concerned about the now. Note that phishing still presents a risk on mobile device login screens. As long as your security depends on something you know, phishing attacks will be relevant, and client-side identification of trust will still be relevant.
