If you’re serious about security, you’re probably by now using Oauth to login to your email (or other accounts) instead of login/password pair. In face, Gsuite just announced that they’re deprecating login/password authentication. Here’s some disturbing news, however. It appears that there are some bad actors that have figured out a way to get around Oauth. Check out this post from bleeping computer.
