From my superficial glance at the exploit, it abuses Google’s mechanism to keep you logged in on every device you were before a password reset, so “I think” it doesn’t matter how many times you change it. I haven’t dived deeeper or checked what would be a real countermeasure other than logging out everywhere.
I’ve also marked it to check out how it might interact with passkeys and passwprd-less logins; at first sight, it could be really bad.
From my superficial glance at the exploit, it abuses Google’s mechanism to keep you logged in on every device you were before a password reset, so “I think” it doesn’t matter how many times you change it. I haven’t dived deeeper or checked what would be a real countermeasure other than logging out everywhere.
I’ve also marked it to check out how it might interact with passkeys and passwprd-less logins; at first sight, it could be really bad.