KSK log-in security and Android Chrome


A warning to all parents with Android devices: I had an issue where my son seemed to be able to bypass KSK at will.  I have discovered why: Google, in its infinite wisdom, typically auto-logs you into Chrome when you activate an Android device, even if you use an alternative browser.  Once it does that, it turns out that anyone can then bypass the my.kaspersky.com account log in requirements by just clicking on "login using Google".  Clicking on that sent me immediately into my account settings without asking for a password or activating 2FA.  As you can imagine, once you get to that page, you can change any setting you want.  

To avoid this, you need to logout of Chrome, clear cookies and cache, and disable Chrome auto sign-in (it's under "Google Services" in your Settings menu).  Thanks for quietly introducing a massive security hole, Google!  

Hello @Parent1


  1. Is this on (your) son's android phone, with KSK configured for the child profile? 
  2. Does your son have his own Google Chrome account? 
  3. Is (your) MyKaspersky Google email address the same as the email address you use to log into MyKaspersky & configure KSK? 
  4. Has 2FA been configured for the Google email address that your son used to by-pass the login? 

Please post back? 

Thank you?

Edited by Flood and Flood's wife
1.  No, this was my device.  My son would occasionally ask me to use my phone for various reasons, and now I know why he really was asking for this.  

2. Yes

3. This is a bit complex, but the e-mail address for my Android account is not my Gmail address.  However, it is the same e-mail as I use for Kaspersky. 

4.  It wouldn't have mattered as the email address I use to log-in to Android is not a Gmail account.  

  • Thanks 1
  • Create New...