Google account sign-in is not secure, as implemented

peter · October 30, 2019, 12:36pm

I am trying to sign up to Postman with my Google account. However, the Google sign-in page loads within the Postman application, so I cannot be sure that it is the real Google page. No one should log in this way because it is insecure and presents a risk of a man-in-the-middle attack.

Please provide an alternative that launches the Google sign-in in a normal browser window. This will be secure because a user can see the URL, in the browser that they trust.

Thanks,
Peter

mr.gocet · December 5, 2019, 11:26pm

Yes i have also noticed that just now when loggin in Postman with google account. I mean my creds are saved in the browser and i usually dont have to enter them again to login into third party services. Though i was asked to enter password and sms code when logging to Postman.
Cheers

Topic		Replies	Views
Can't log in using google oauth. says web browser im using does not keep my account safe Ask the Experts and Postman Tips authentication	4	1129	December 9, 2019
We need better login for 3rd party login providers (Google, Facebook) Ask the Experts and Postman Tips login	0	908	December 15, 2019
Why "Sign in Google with Google" doesn't see my existing google session? Ask the Experts and Postman Tips	1	703	June 3, 2019
Why doesn't Google trust Postman? Ask the Experts and Postman Tips	2	1036	October 25, 2019
Nov 2019 Postman App: Sign-In with Google not working Ask the Experts and Postman Tips	3	1288	December 20, 2019

Google account sign-in is not secure, as implemented

Related topics