[nickweb]

It seems unsafe to me to be passing your username and password over the open every second day. Especially one that links to Google - which for the majority of people is their life.

As a side note - will the recent announcement by Google about unsafe logins being denied affect you?

[ignoramous]

In the open? I believe u:pwd is HTTP Basic Auth, which is not "in the open" when over TLS.

https://en.wikipedia.org/wiki/Basic_access_authentication#Se...

[tehbeard]

~~It's still passing credentials for the entire account, rather than something explicity scoped to "just update these A records, and these A records only".~~

~~Also as the parent noted, Google have the last few years been very aggressive about "unsafe login" (using usr+pass outside of Google) and this might disappear.~~

Edit: Never mind, buried in the docs it appears the user:pass are scoped.

[jffry]

In this case, the username and password are NOT your Google credentials. When you set up a dynamic DNS subdomain in Google Domains, it autogenerates a username/password pair that is unique to that subdomain, and that's what you use.

https://support.google.com/domains/answer/6147083?hl=en&ref_...