GMAIL Passwords on GitHub
Its a bit of shame how our developer community handles password. I feel we should know better but unfortunately we are terrible at it. To send an email from your app you simply need to provide a few parameters (username, password) and you are golden. The only thing is that developers commit this sensitive information on github. I simply searched for the term "smtp.gmail.com" on github and bam loads of passwords! My observations,
* I tried to login to some of the accounts and gmail asked me to verify who I was. * Ruby community seems to be good about storing those details in the ENV
Case in point - NEVER DO THIS.
https://github.com/search?l=java&p=96&q=smtp.gmail.com&type=Code&utf8=%E2%9C%93 At least for me, since I have a second 3rd party email registered with gmail, if a new device logs in, I will get an email saying there was a new login. 2 factor auth is even better, but a little more of a hassle.