Easier said than done, if your end users run Chrome. Because Chrome will automatically block your site if you’re on double secret probation.
The phishing flag usually happens because you have the Username, Password, Log In, and SSO button all on the same screen. Google wants you to have the Username field, the Log In button, and any SSO stuff on one page. Then if you input a username and go to start a password login, Google expects the SSO to disappear and be replaced by the vanilla Log In button. If you simply have all of the fields and buttons on one page, Google flags it as a phishing attempt. Like I guess they expect you to try and steal users’ Google passwords if you have a password field on the same page as a “Sign in with Google” button.
Firefox ingests Google SafeBrowsing lists.
If you are falsely flagged as phishing (like I was), then you are fucked regardless of what you use (except you use curl).
I couldnt even bypass the safebrowse warning on my Android phone in Firefox.
Easier said than done, if your end users run Chrome. Because Chrome will automatically block your site if you’re on double secret probation.
The phishing flag usually happens because you have the Username, Password, Log In, and SSO button all on the same screen. Google wants you to have the Username field, the Log In button, and any SSO stuff on one page. Then if you input a username and go to start a password login, Google expects the SSO to disappear and be replaced by the vanilla Log In button. If you simply have all of the fields and buttons on one page, Google flags it as a phishing attempt. Like I guess they expect you to try and steal users’ Google passwords if you have a password field on the same page as a “Sign in with Google” button.
Firefox ingests Google SafeBrowsing lists.
If you are falsely flagged as phishing (like I was), then you are fucked regardless of what you use (except you use curl).
I couldnt even bypass the safebrowse warning on my Android phone in Firefox.