Hacker News | fx's comments

It's funny how the author simply ignores the massive underlying changes in Vista, such as UAC and integrity levels, and the outcome of all these changes, and believes that Vista was mostly about the GUI.


They didn't say that. They said it was mostly GUI with a few detrimental changes under the hood.

While UAC and integrity levels may be a step forward, it's only so because Windows XP is so horrible when you look at it from under the GUI.

And, of course, it's quite unremarkable from atop the GUI.


In fact, they didn't even say that - they said that many people perceived it as largely about GUI changes.


But if you are someone who keeps cracking into Gmail accounts, you will just work around it (the easiest way, I assume, will be disabling JavaScript?). If you go further, you can just firewall everything except Gmail, or use a proxy to remove this protection on the fly.

Even though this will provide some benefit against a serial cracker, this will be useless in the end.


You are right, this will work only if the gadget is enabled. It's a protection against simple password attacks. If Google makes this a "privileged" app (like chat, etc.) such that this always runs, it would be better.


A simpler way to work around this is to switch to Gadget mode. This certainly is a limitation. Any ideas to overcome this? Hence, if there is a way to ensure that the gadget always runs before Gmail loads, this would become 100% secure.


This is definitely not a "total" solution, as the gadget can be disabled. Things like Basic mode won't have the gadget, and the serial cracker can get into that. Any ideas on how to prevent that?


There is a well-known old honeypot trick: using web bugs in a juicy mail stored in Gmail. This e-mail can be stored with a label such as "passwords". When the attacker looks at it, it will load a remote image, and now you know someone from an IP address has just seen your e-mail.


This is similar to the gadget, just that the gadget loads automatically. What if the hacker stops the request?
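
The web-bug check from the two comments above, as an added example that is not part of the thread: it scans the access log of the server hosting the bait image and reports every fetch that did not come from the account owner. The `/px/<token>.gif` URL scheme, the token value, and the log lines are constructed assumptions.

```python
import re
from datetime import datetime

# Hypothetical mapping of beacon token -> bait message it was embedded in.
BAIT_TOKENS = {"k3VtQ9xZp1": 'label "passwords"'}

# Combined Log Format line from the (assumed) web server hosting the image.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /px/(?P<token>[A-Za-z0-9_-]+)\.gif[^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

def beacon_hits(log_lines, owner_ips=frozenset()):
    """Return one alert dict per fetch of a known bait image."""
    alerts = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m["token"] not in BAIT_TOKENS:
            continue  # unrelated request or unknown token (scanner noise)
        if m["ip"] in owner_ips:
            continue  # the account owner opening their own bait mail
        alerts.append({
            "when": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "bait": BAIT_TOKENS[m["token"]],
            "ip": m["ip"],
            # A fetch relayed by a mail provider's image proxy shows the
            # proxy's address: it proves the mail was opened, not from where.
            "via_proxy": "GoogleImageProxy" in m["ua"],
        })
    return alerts

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2009:08:01:44 +0000] "GET /px/k3VtQ9xZp1.gif HTTP/1.1" 200 43 "-" "Mozilla/5.0"',
    '203.0.113.25 - - [12/Mar/2009:23:17:02 +0000] "GET /px/k3VtQ9xZp1.gif HTTP/1.1" 200 43 "-" "Mozilla/5.0"',
    '203.0.113.90 - - [13/Mar/2009:02:40:10 +0000] "GET /px/AAAAAAAAAA.gif HTTP/1.1" 404 0 "-" "curl/7.19"',
    '192.0.2.66 - - [13/Mar/2009:09:12:30 +0000] "GET /px/k3VtQ9xZp1.gif HTTP/1.1" 200 43 "-" "Mozilla/5.0 (via ggpht.com GoogleImageProxy)"',
]

if __name__ == "__main__":
    for a in beacon_hits(SAMPLE_LOG, owner_ips={"198.51.100.7"}):
        origin = "proxy" if a["via_proxy"] else "direct"
        print(a["when"].isoformat(), a["ip"], a["bait"], origin)
```

An empty result is not evidence that nobody read the mail: a viewer who blocks remote images never triggers the fetch, which is the limitation the reply above raises.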


OMG, shut down HN now! It uses tables and doesn't validate. Who's going to save the semantic web now?

