Google has introduced a new feature called Restore Credentials which saves your app login info and restores it seamlessly on new devices.
Google has introduced a new feature called Restore Credentials which saves your app login info and restores it seamlessly on new devices.
That is not true for 99% services including google. Google have a plain text password at the time you are logging in, they just store hashed+salted version in storage.
(Almost) No website (or app) is hashing the password before sending it to server, so if you hack the login screen you can dump RAW passwords anytime.
You are right. I have done some research, it seems most people think that client side hashing is unnecessary in an HTTPS setting.
That is my misunderstanding.