Mitigate scenarios of credentials hijacking

[odeke-em]

Off the top of my head the simplest idea is to allow a user's credentials to be saved to a location of their choice just like you'd do after ssh-keygen, or even allow for credentials encrypting and decryption on every usage. This is an issue brought to my attention by noticing that doing a pull/push with -hidden enabled affects the credentials files. Also @bh4017 raised a scenario in an offline email in which the contents of a mounted Google drive saved on removable media if acquired by anyone would give them access to the victim's drive.
Please feel free to pitch in your thoughts.

[odeke-em]

Ooh btw it had slipped my mind to mention that at anytime you could revoke Account access to drive by logging into your email and changing the security settings. After logging in, this currently works by going to: https://security.google.com/settings/security/permissions and revoking access with the specified app.

[indragiek]

Might be a good idea to use the Keychain when running on OS X for storing OAuth tokens. Doesn't look like there are any functional open sourced libraries for accessing the Keychain via Go, but I'm assuming there's some way you can invoke the C API.

[odeke-em]

Ah I see, great idea, sounds like a plan. I also just found this https://github.com/bgentry/go-osxkeychain.