> There’s also the fact that google recently forced Javascript and specific browsers to be used in order to be able to login. So I was locked out of my account for a while until someone discovered that the “rules” are a little more lax for Firefox useragents.
There's a ton of threat mitigation and detection of unusual activities going on behind the scenes. This is a big reason why my company uses GSuite SSO - it's basically impossible to achieve a similar level of security with a DIY SSO setup. Auth is very hard to get right with all corner cases considered.
JS trickery is key to detecting bots, and blocking super-outdated browsers like Konqueror that basically lack all modern security mitigations is a reasonable thing to do (and probably allows them to remove less strict fallbacks for those browsers that were previously abused by bad actors).
> blocking super-outdated browsers like Konqueror that basically lack all modern security mitigations is a reasonable thing to do
Except they still allow browsers far more insecure, like IE. And they could do feature detection to see if the security features are implemented or not.
Blocking user-agents does nothing good for anyone.
There's a ton of threat mitigation and detection of unusual activities going on behind the scenes. This is a big reason why my company uses GSuite SSO - it's basically impossible to achieve a similar level of security with a DIY SSO setup. Auth is very hard to get right with all corner cases considered.
JS trickery is key to detecting bots, and blocking super-outdated browsers like Konqueror that basically lack all modern security mitigations is a reasonable thing to do (and probably allows them to remove less strict fallbacks for those browsers that were previously abused by bad actors).