Bypass: Google 2-Step Verification

Don’t get me wrong. Google 2-Step Verification is VERY secure! Way more secure than not having it. And Gmail is the most secure free email service. But there is one flaw. According to Google, you are not supposed to be able to log in and gain full access to your account with just an application-specific password. Application-specific passwords are designed for use with applications that aren’t compatible with 2-step verification (for example: Outlook, Thunderbird, Sparrow, etc.). And the flaw is… Google Notifier.

Google Notifier notifies you when you get emails; it can also log you into your account (in your web browser) to check your email. To sign in to this app you use an application-specific password, so the browser login it performs bypasses 2-step verification.

Requirements

Must have access to the internet

Must have a Gmail account

Must have Google 2-step verification enabled

Here is how it works…

Step 1

First download Google Notifier and install it. Once it is installed, head over to google.com/accounts and create an application-specific password.

Step 2

Once you have the application-specific password, sign in to Google Notifier. Once signed in, click on “Go to inbox”. This will take you directly to your Gmail account. Once you are there you have FULL ACCESS to everything and can change ANYTHING you want without having to type in a password. If after a couple of minutes it asks for a password, just click on “Go to inbox” again. That should give you another minute or two to do whatever you like.

There are a couple of legitimate reasons for doing this. For example, you forgot your email password and don’t know the security question. Well, you could just use an app like this to recover your application-specific password and then log in using Google Notifier. Then all you would have to do is change the security question (you don’t need a password) and voila, you can recover your account by answering your new security question.

It is scary that it is this simple. Anyone could do it! If ANYONE got hold of your computer they could gain access to your Google account and get access to everything (bank account, PayPal, Facebook, etc.), and you wouldn’t even know it… until it was too late!
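The flaw described above comes down to a browser session getting full privileges from a credential that never passed the second factor. The sketch below is an added example, not code from this post or from Google: it contrasts that behaviour with a session that remembers how it was authenticated and demands step-up for sensitive changes. All names (`Assurance`, `authorize`, the action strings) are hypothetical.

```python
from dataclasses import dataclass
from enum import IntEnum

class Assurance(IntEnum):
    APP_PASSWORD = 1   # application-specific password only, no second factor
    PASSWORD_2SV = 2   # account password plus 2-step verification code

# Hypothetical action names mapped to the minimum assurance each requires.
REQUIRED = {
    "read_mail": Assurance.APP_PASSWORD,
    "send_mail": Assurance.APP_PASSWORD,
    "change_security_question": Assurance.PASSWORD_2SV,
    "change_password": Assurance.PASSWORD_2SV,
    "create_app_password": Assurance.PASSWORD_2SV,
}

@dataclass(frozen=True)
class Session:
    user: str
    assurance: Assurance

def open_web_session_flawed(user, login_assurance):
    """Behaviour the post describes: the browser session gets full access
    no matter which credential the client signed in with."""
    return Session(user, Assurance.PASSWORD_2SV)

def open_web_session(user, login_assurance):
    """Hardened: the browser session inherits the assurance of the login."""
    return Session(user, login_assurance)

def authorize(session, action):
    """Return 'allow', or 'step_up' when the user must re-authenticate with
    password and second factor. Unknown actions need the highest level."""
    needed = REQUIRED.get(action, Assurance.PASSWORD_2SV)
    return "allow" if session.assurance >= needed else "step_up"

if __name__ == "__main__":
    for opener in (open_web_session_flawed, open_web_session):
        s = opener("alice@example.com", Assurance.APP_PASSWORD)  # constructed user
        for action in ("read_mail", "change_security_question"):
            print(opener.__name__, action, authorize(s, action))
```
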

About Michael David