Gmail security

kwikbreaks · 21 June 2011 at 11:56AM

Not sure if this is good or bad...

This morning when I logged into gmail a popup warning said my account my have been accessed by a third party.

It showed a list of IPs accessing the account and one from Spain looked decidedly dodgy so I immediately changed my google account password.

I then looked closer. The access was two days ago so the warning was way too late to be of any use. I then checked the IP and found it was registered to FON and was located in the UK. I run my own FON hotspot and had been playing with the WiFi on my main AP so my phone would probably have logged into my FON and accessed my mail.

So panic over. Now the question..

It's nice to see that google monitor accesses and warn you if something odd is detected but given it took 2 days for the warning to appear how useful is it?

At least it prodded me into changing the password which has been the same for probably a year now as I'm rather lax at changing paswords.

Aubs · 21 June 2011 at 12:50PM

I see your concern that it took quite a while to warn you. I'm going to try logging on to it from a couple of other random international locations and see if I get a message!

You can view the last recent activity on your gmail account by following the link at the very bottom. Something similar to:

Last account activity: 44 minutes ago on this computer. Details

S0litaire · 21 June 2011 at 1:15PM

if you're worried then Gmail have a "2 step" verification option for logging on: https://www.google.com/accounts/SmsAuthConfig

Basically when you log on it asks for a password and a code (the code is sent vis SMS to your mobile) it's slower than just logging on
but it stops people accessing your account even if they get your password.

jayme1 · 21 June 2011 at 1:24PM

S0litaire wrote: »

if you're worried then Gmail have a "2 step" verification option for logging on: https://www.google.com/accounts/SmsAuthConfig

Basically when you log on it asks for a password and a code (the code is sent vis SMS to your mobile) it's slower than just logging on
but it stops people accessing your account even if they get your password.

you don't even have to have it sent by SMS, if you have an android phone, or an iOS device (iPhone, iPad, iPod touch) then there is an app that gives you the code (and is completely offline ie no internet connection required)
link

when you say it took 2 days to tell you about the IP address did you actually log into gmail in those 2 days? or did you just use an email client (that woudnt be able to tell you of a different IP address).
plus at least google gives some warning at all which is better than the other free email accounts do.

S0litaire · 21 June 2011 at 1:27PM

oops! never noticed the app option! lol

Deal-Hunter_2 · 21 June 2011 at 1:37PM

Had this happen to me once as well, although it took about 12h rather than 2 days. Is it possible you just didn't log on for 2 days and it notified you the next time you logged on?

kwikbreaks · 21 June 2011 at 1:57PM

jayme1 wrote: »

when you say it took 2 days to tell you about the IP address did you actually log into gmail in those 2 days? or did you just use an email client (that woudnt be able to tell you of a different IP address).
plus at least google gives some warning at all which is better than the other free email accounts do.

I use gmail as native webmail every day. The only client is the one on my android phone.

I'm not worried in the least as I know what the supposed rogue access was.

Yes at least they give you some warning but it took rather too long to be useful imo.

Aubs · 21 June 2011 at 2:07PM

Aubs wrote: »

... I'm going to try logging on to it from a couple of other random international locations and see if I get a message!

Recent activity:

Access Type    Location (IP address)             Date/Time
Browser*       United Kingdom (89.192.xxx.xxx)   14:01 (0 minutes ago)
Browser        Sweden (85.224.xxx.xxx)           14:01 (0 minutes ago)
Browser        United States (74.120.xxx.xxx)    14:00 (0 minutes ago)
Browser        Russia (89.169.xxx.xxx)           13:58 (2 minutes ago)
Browser        Germany (78.31.xxx.xxx)           13:58 (3 minutes ago)
Browser        Sweden (85.224.xxx.xxx)           13:56 (4 minutes ago)
Browser        Germany (217.20.xxx.xxx)          13:55 (6 minutes ago)
Browser        Germany (81.210.xxx.xxx)          13:52 (9 minutes ago)
Browser        Netherlands (194.145.xxx.xxx)     13:50 (11 minutes ago)
Browser        France (188.165.xxx.xxx)          13:47 (14 minutes ago)

Hopefully the fact that I have viewed the activity list will not mean I don't get a message. Will have to see.

paddyrg · 21 June 2011 at 2:33PM

I strongly suggest using 2FA - I use it for all my Google account stuff as I log on from all kinds of places and it helps make sure I'm safe from keyloggers, etc. The app on your phone means you just type in a 6-digit number whenever you use a new machine/IP address. On your home/safe/main machine you can have the code last for 30 days.

If I posted my password here, you'd still be out of luck unless you also had my phone.

There is also the option of printing yourself a pad of one-time codes for emergencies - you can keep one in your wallet, or back at home, just in case you do lose your phone you still have access to your gmail and can set up the 2fa again properly.

Gmail security

Comments

Confirm your email address to Create Threads and Reply

🚀 Getting Started

Categories

Is this how you want to be seen?

Get our FREE Weekly email full of deals & guides - and it’s spam-free