This morning a smart user alerted me about a security issue in using Google/Gmail to access the Passpack account.
I analyzed it and I discovered that Google has changed how Gmail authentication works, causing the library we use to fail. As a result of this, we are preparing to support Google Friend Connect. In the meantime, it will not be possible to create new accounts via Google or Gmail, but only to access existing ones.
How the interface changes.
Instead of two fields, the Gmail address and the Password, you will only have one: the Gmail address. Please note that this will work only with existing accounts and it will not be possible to create new accounts via Google/Gmail.
And about security?
When you type your Gmail address, Passpack will check that it exists and that a Passpack account is associated with it. If so, you will be asked for your Packing Key. As you probably know, you receive your encrypted data only if the hash of the Packing Key is correct. So the first step is just a way to recognize who you say you are; the second, the request for the Packing Key, guarantees the security of the access. Also, if you didn’t set a Welcome Message, in order to safeguard your privacy, the welcome screen will show your Gmail address without the “@gmail.com” suffix instead of your Passpack ID.
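To make the split between the two steps concrete, here is a small sketch added for illustration; it is not Passpack's code. The function names, the in-memory store, the sample accounts and the use of salted PBKDF2 as the Packing Key hash are all assumptions.

```python
import hashlib
import hmac
import os

ACCOUNTS = {}  # constructed in-memory store, keyed by Gmail address

def _hash_key(packing_key, salt):
    # Assumption: PBKDF2 stands in for whatever hash Passpack applies.
    return hashlib.pbkdf2_hmac("sha256", packing_key.encode(), salt, 100_000)

def register(passpack_id, gmail, packing_key, blob, welcome=None):
    salt = os.urandom(16)
    ACCOUNTS[gmail.lower()] = {
        "id": passpack_id, "gmail": gmail.lower(), "salt": salt,
        "key_hash": _hash_key(packing_key, salt),
        "blob": blob,          # encrypted data, opaque to this code
        "welcome": welcome,
    }

def identify(gmail):
    """Step 1: recognition only. Nothing secret is returned here."""
    acct = ACCOUNTS.get(gmail.strip().lower())
    if acct is None:
        return None  # no linked account; none is created via Gmail
    if acct["welcome"]:
        return acct["welcome"]
    # No Welcome Message set: show the Gmail local part, not the Passpack ID.
    return acct["gmail"].rsplit("@", 1)[0]

def unlock(gmail, packing_key):
    """Step 2: hand over the encrypted data only if the hash matches."""
    acct = ACCOUNTS.get(gmail.strip().lower())
    if acct is None:
        return None
    candidate = _hash_key(packing_key, acct["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(candidate, acct["key_hash"]):
        return None
    return acct["blob"]

# Constructed sample accounts.
register("alice_pp", "alice@gmail.com", "correct horse", b"\x01ciphertext")
register("bob_pp", "bob@gmail.com", "battery staple", b"\x02ciphertext", welcome="Hi Bob")
```

Knowing the Gmail address gets a caller through `identify` but yields only the welcome label; the encrypted data leaves `unlock` only when the Packing Key hash matches.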
The next step.
Once the Google Friend Connect support is ready, you will be able to associate it with your account.

UPDATE: Google Friend Connect is ready. Please follow these instructions to associate it with your account. You should also remove the current Google/Gmail association, as we will phase it out quickly.