ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Run a security check on your Gmail account - if not already done

<< < (3/3)

IainB:
A reminder to run that security check.
I revived this thread because something similar just cropped up. Some years back, I had set up a Gmail account that is shared with several other users. It was a bit of an experiment and is used like a Google Group for us all to communicate on issues of common interest, but avoids all the fussing-about with administering a Google Group. Security is not a real issue, and the password was unchanged from the original - a string of several numeric digits, based on part of the phone number of one of the members.

This is the sequence of events:

* 1. Email warning received today from Google accounts admin.:
Hi XXXX,
Someone recently used your password to try to sign in to your Google Account [email protected] This person was using an application such as an email, client or mobile device.
We prevented the sign-in attempt in case this was a hijacker trying to access your account. Please review the details of the sign-in attempt:

* Monday, 7 October 2013 14:11:58 o'clock UTC
* IP Address: xxx.xx.xxx.xx (xxx-xx-xxx-xx.aaaaaa.xxxxxx.co.nz.)
* Location: Auckland, New ZealandIf you do not recognise this sign-in attempt, someone else might be trying to access your account. You should sign in to your account and reset your password immediately.
____________________________

--- End quote ---


* 2. I signed in to the Gmail account. A similar warning popped up recommending a password reset because:
03:11 Application/device sign-in attempt (prevented).
--- End quote ---


* 3. I checked "recent activity" on the Gmail account (per the procedure described in the opening post). The hack attempt apparently had been noted as it came from an unusual device (one we had not used before) and it failed one of the (very useful!) secondary verification challenges that has been introduced to Gmail since we set up the account.


* 4. I generated a new and much higher-strength password, using LastPass, and set that PW.


* 5. I logged out of all sessions.


* 6. I Logged out of the Gmail account and then logged in again to check it had all worked OK.


* 7. I checked WHOIS and made a note of the email address (from WHOIS screenclip) at the ISP to notify of the hack attempt from an IP address in their domain.

wraith808:
You can also turn on 2-stage authentication.  It works really well.

IainB:
You can also turn on 2-stage authentication.  It works really well.
-wraith808 (October 08, 2013, 09:30 AM)
--- End quote ---
+1 - absolutely - kudos to Google - that's why I wrote:
The hack attempt apparently had been noted as it came from an unusual device (one we had not used before) and it failed one of the (very useful!) secondary verification challenges that has been introduced to Gmail since we set up the account.
--- End quote ---

Navigation

[0] Message Index

[*] Previous page

Go to full version