What would happen if Google suddenly forgot to check your password?

By on

Screen Shot 2014-01-17 at 7.45.59 pm

We’re all familiar with how a login page works. We type in a username and password, and possibly a code sent to our phones, to a form. We click the submit button, and all of that data is sent to a server. That data is checked to a database, and if it matches, it will let you in. But imagine this scenario: what would happen if suddenly, Google didn’t check your password? What would happen if Google simply let anyone into your account with a wrong or no password at all?

The talk – by UK geek comedian/presenter/programmer Tom Scott – is all about the “single point of failure” in our online lives, where we all have that one lynchpin that all of our accounts hang onto. For many of us, our “single point of failure” is our email account. Imagine what accounts you have are connected to it. Your Twitter account, Facebook profile, Google Drive, Dropbox, PayPal, YouTube, iCloud, and even your Android device – all are probably linked to one email address. They don’t need your password on those accounts. If they have control of your email account, all they need to do is send a “forgot my password” request and get a new one.

And while it is entirely fictional, there is an element of truth to it. For instance, the idea that a login form would simply let you in to anyone’s account without a password check has happened before – in 2011 with Dropbox.

You can watch the video below – and I highly suggest you do.

Join the Conversation