Run a security check on your Gmail account - if not already done

IainB:
Following the recent hacking and publishing of Gawker Media customers' (commenters') email IDs and passwords (yes, passwords - how dumb can that be?), I had been checking my Gmail account security - and I had a surprise when I did it (for details, read on).

SUGGEST YOU DO THIS WEEKLY: (if you do not already do it.)
Start up Gmail in your browser.
Near the bottom of the main Gmail page, it says something like:
Last account activity: 57 minutes ago on this computer.  Details

When you click on "Details", you get taken to a page "Activity on this account". A table gives details of the 10 latest accesses, the 1st being your current session.
If you have any open sessions (e.g., if you left sessions open from another PC connected to the account, or if someone has open sessions from unauthorised access to your account), there will be a button that says to close them. Click on that button. The button will go away and you will get something like:
"This account does not seem to be open in any other location."

Now only you are looking at the account.
EDIT 2010-12-29 1112hrs: You have momentarily shut out any other users accessing your account. The objective is to move quickly and prevent any other account users doing anything before signing in again, by which time they will not be able to sign in, because by then you should have changed the account password and security question.
Scan the table for any Browser or POP3 accesses from IP addresses that were not yours from some other location or device.
Take a screen shot of it before doing anything further, because anything you do may scroll the oldest accesses off the table.

You can check the IP addresses here: http://projecthoneypot.org/search_ip.php
It will tell you which country it is in, and whether anything suspect has been reported for that IP address recently (i.e., it is still a "bad" IP address). If they have the IP address, but no recent reports, then it means that they have had reports in the past, but it's probably OK now.

In any event, if there are any IP addresses that were not yours (either for browser or POP3 access), then:

    * change your password immediately (make it a "strong" one);
    * change the security question;
    * SAVE all changes;
    * whilst you are at it, get a second email address in the event you need to restore access to your account, having been locked out from it.
    * whilst you are at it, set up the SMS alert.

I did all this, because, to my great surprise I had POP3 (reading current inbox messages) accesses from some US-based IP addresses. I have no idea what they were up to, but they can't do any more POP3 accesses now.
EDIT 2010-12-29 1112hrs: Because my IP address is in New Zealand, a U.S. access was categorically something unwanted or potentially malign.

Hope this is useful/helpful to someone.

mouser:
smart  :up:

wraith808:
At the bottom of the page there's also: Alert preference: Show an alert for unusual activity.

Turn this on, and it will show an alert if there is unusual activity.  I've found all on my account to be benign, i.e. my phone accesses my account from an I.P. that's located a couple of hours away from me for some reason, so a U.S. access isn't necessarily something malign.

Deozaan:
And if you do see unusual activity, don't forget to click the button that says something like "Sign out all other sessions" so they can't do anything before signing in again and by then you should have changed your password.

IainB:
@wraith808: Yes, thanks:
"...so a U.S. access isn't necessarily something malign."
I have a New Zealand IP address, which was why the US IP addresses that did a POP3 were a worry. I shall update my post to reflect this.

@Deozaan: Yes, thanks:
"...so they can't do anything before signing in again and by then you should have changed your password."
That was one of the points I was trying to make, but didn't do very well. I shall update my post to make this quite clear.
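
The table scan described in the first post, with wraith808's caveat kept in mind, as an added example that is not part of the original thread: it takes rows copied by hand from the "Activity on this account" table, drops accesses from networks you know are yours, and groups the rest by IP address and access type for lookup. The row format, the sample rows and the addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress

# Assumption: networks you actually connect from (placeholder documentation ranges).
KNOWN_NETWORKS = [ipaddress.ip_network(n)
                  for n in ("203.0.113.0/24", "198.51.100.17/32")]

# Constructed sample: rows copied by hand from the activity table,
# written as "access type | IP address | when".
SAMPLE = """\
Browser | 203.0.113.45 | 11:05 am
POP3 | 192.0.2.77 | 9:40 am
Mobile | 198.51.100.17 | 8:12 am
Browser | 203.0.113.45 | Dec 28
POP3 | 192.0.2.77 | Dec 28
POP3 | not-an-ip | Dec 27
"""

def parse_rows(text):
    """Return (rows, rejected): parsed (type, ip, when) tuples and unparseable lines."""
    rows, rejected = [], []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        try:
            access_type, ip_text, when = parts
            rows.append((access_type, ipaddress.ip_address(ip_text), when))
        except ValueError:  # wrong column count or invalid address
            rejected.append(line)
    return rows, rejected

def unfamiliar_accesses(text, known=KNOWN_NETWORKS):
    """Group accesses from outside the known networks by (ip, access type)."""
    rows, rejected = parse_rows(text)
    hits = {}
    for access_type, ip, when in rows:
        if any(ip in net for net in known):
            continue  # one of your own addresses
        hits.setdefault((str(ip), access_type), []).append(when)
    return hits, rejected

if __name__ == "__main__":
    hits, rejected = unfamiliar_accesses(SAMPLE)
    for (ip, kind), times in hits.items():
        print(f"{kind} from {ip} ({', '.join(times)}): look this address up")
    for line in rejected:
        print(f"could not parse, check by hand: {line!r}")
```

An address that shows up here is only unfamiliar, not proven hostile: a phone or mail client may legitimately reach the account through a carrier or provider address far from where you are.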