Herald reporting Gmail hacking - http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=11784422
I don't usually trust their reporting so has anyone experienced this yet or think it sounds correct?
Erm... so apparently these so-called "experienced technical users" don't have 2FA turned on? And happily enter their credentials into a popup that opens after clicking an email attachment. I'd suggest these "experienced technical users" are in fact neither experienced nor technical.
"I was born not knowing and have had only a little time to change that here and there." | Electric Kiwi | Sharesies
- Richard Feynman
I'm a very experienced technical user who does quite a bit of security work. I don't have 2FA turned on for Google because I find it a PTA and continual prompting for credentials gets annoying. I have 2FA on for AWS, Amazon, and a few other things. So I don't think it's fair that no 2FA = idiot.
I should probably turn it on though, and I will if someone can tell me Google / Gmail doesn't constantly prompt for it.
I have it turned on and the only time I get re-prompted is if I clear cookies or use a new browser or phone. What is annoying is crap apps on the phone that use their own in-app browser to do the OAuth connection to things - mainly Facebook I get that issue with but have seen it on my Google account once.
timmmay: I find it a PTA and continual prompting for credentials gets annoying.
Bingo. I turned it on for my Apple account, then turned it back off again after getting prompted every single time I tried to get into my account from the same computer on the same static IP address.
timmmay:
I'm a very experienced technical user who does quite a bit of security work. I don't have 2FA turned on for Google because I find it a PTA and continual prompting for credentials gets annoying. I have 2FA on for AWS, Amazon, and a few other things. So I don't think it's fair that no 2FA = idiot.
I should probably turn it on though, and I will if someone can tell me Google / Gmail doesn't constantly prompt for it.
Like you I don't have it on for Gmail, as it is a PITA, although I do for things like LastPass. But perhaps it is time to use it, as the whole login system of logging in is outdated and has security issues, and belongs in the past. There needs to be a new system.
Mine prompts on a login from a new device, but pretty much every time I tick the "do not prompt for this device again" option and it doesn't do it again for that device\browser.
(But would you also put your Gmail credentials into a popup that opened after clicking an email attachment? :) )
Given I was sent an email the other night that 'Someone has my password'
And in my security logs stated a device from Sweden had used my credentials but been blocked. Needless to say 2FA was enabled. No phishing etc however, so god knows how they got it. Other than possibly of my apps being reported as logging in with it that have google acct login permission
Oblivian:Given I was sent an email the other night that 'Someone has my password'
And in my security logs stated a device from Sweden had used my credentials but been blocked. Needless to say 2FA was enabled. No phishing etc however, so god knows how they got it. Other than possibly of my apps being reported as logging in with it that have google acct login permission
Well I turned Google 2FA on, and so far not too much trouble. Thunderbird/Outlook/Email clients need an app password (phone, tablet, work computer, etc), which you get from the Google security console. So far less annoying than expected.
Gmail is probably the most important service for me to protect - it's literally the master for most of what I do. If my Gmail got pwned they would have the details of almost every other online service I use, and the ability to reset the passwords on many of them. I definitely want as much protection on it as I can get :)
Horseychick:
Herald reporting Gmail hacking - http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=11784422
I don't usually trust their reporting so has anyone experienced this yet or think it sounds correct?
It came from the Daily Mail. Nuff said.
Oblivian:Given I was sent an email the other night that 'Someone has my password'
And in my security logs stated a device from Sweden had used my credentials but been blocked. Needless to say 2FA was enabled. No phishing etc however, so god knows how they got it. Other than possibly of my apps being reported as logging in with it that have google acct login permission
Cool, let's click on links in email attachments, and then enter our Gmail user and password details into the popup.
Something that neither an experienced nor a technical user would do. If they do, then they are neither. And stupid.
Muppets on Computers. Actually, that's probably insulting muppets. I like muppets.
My thoughts are no longer my own and is probably representative of our media-controlled government