“I just discovered what seems to me a massive security loophole. Please someone tell me if the following makes any sense.
My son was playing on my phone (Galaxy S3). He tried to purchase in app items on Subway Surfer but didn’t know the password. So, he followed the following steps to reset my password from my phone without having to enter any information about the account:
Starting from the screen after you click “buy,”
1. Click the question mark next to the password box when asked to confirm password for a purchase.
2. Click “forgot password.”
3. Click “I don’t know.”
4. Leave the selection on the page at “Confirm password reset on my Android Samsung SCH-I535 phone.”
5. Click “Yes”
6. Click “Allow Password Reset.
7. Enter and confirm new Password.
And that allowed someone with absolutely no knowledge about my Google account, and access only to my phone, to reset a new password for my entire Google account.”
Get Anyones Google Password! – This Easy!