Jump to content
Kaspersky Support Forum

KSK log-in security and Android Chrome

Parent1

By Parent1
in Kaspersky Safe Kids

 Share

Recommended Posts

Parent1

Parent1

Posted
Posted

A warning to all parents with Android devices: I had an issue where my son seemed to be able to bypass KSK at will.  I have discovered why: Google, in its infinite wisdom, typically auto-logs you into Chrome when you activate an Android device, even if you use an alternative browser.  Once it does that, it turns out that anyone can then bypass the my.kaspersky.com account log in requirements by just clicking on "login using Google".  Clicking on that sent me immediately into my account settings without asking for a password or activating 2FA.  As you can imagine, once you get to that page, you can change any setting you want.  

To avoid this, you need to logout of Chrome, clear cookies and cache, and disable Chrome auto sign-in (it's under "Google Services" in your Settings menu).  Thanks for quietly introducing a massive security hole, Google!  

Flood and Flood's wife

Flood and Flood's wife

Posted
Posted (edited)

Hello @Parent1

Welcome!

  1. Is this on (your) son's android phone, with KSK configured for the child profile? 
  2. Does your son have his own Google Chrome account? 
  3. Is (your) MyKaspersky Google email address the same as the email address you use to log into MyKaspersky & configure KSK? 
  4. Has 2FA been configured for the Google email address that your son used to by-pass the login? 

Please post back? 

Thank you?
Flood?+?

Edited by Flood and Flood's wife
  • 2 weeks later...
Parent1

Parent1

Posted
  • Author
Posted

1.  No, this was my device.  My son would occasionally ask me to use my phone for various reasons, and now I know why he really was asking for this.  

2. Yes

3. This is a bit complex, but the e-mail address for my Android account is not my Gmail address.  However, it is the same e-mail as I use for Kaspersky. 

4.  It wouldn't have mattered as the email address I use to log-in to Android is not a Gmail account.  

  • Thanks 1
Flood and Flood's wife

Flood and Flood's wife

Posted
Posted

Hello @Parent1

Thank you for the update!

We'd like to test to see where there's an exposure, are you able to share with us the email address type please? 

Thank you?
Flood?+?

  • 1 month later...
samwinchester

samwinchester

Posted
Posted
В 14.02.2023 в 08:17, Parent1 сказал:

It's a Yahoo account.  

I think yes

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...