And the best answers to those "security questions" used as an alternative to 2-factor are made-up!
It's far too easy to find your real mother's maiden name, schools, old addresses, etc. Chook January 12, at pm Using an easy to use App for Gmail 'might' be an alternative. I say might because I'm no web security guru.
It looks like this is done on a browser level where the address is not the real Gmail address, using an App, I guess would avoid this. Lauren Barnes January 13, at am I fell for this the other day I did change my password. Is there anything else I can do? Most of us, young and old, too, should be able to handle looking for the green lock.
It's the ounce of prevention. This means that all apps need to ask for your permission again before they have access to your data so your google account would be safe again. If the attackers gained access to other services by resetting your password then changing your google password would not have any effect so its probably a good idea to change all your passwords. Sash January 14, at am I bet ur kids already know. If not, they are prolly too young and shouldn't login anywhere anyways at least not without supervision.
Beamrun January 14, at pm You can enable 2-step verification for them. Berrie Pelser January 12, at am Wow thx! Alan Gunn January 12, at am I suspect the answer was vague and unhelpful because it was made by Google mail help staff. Google mail support cannot change the way the browser address bar responds to secure and insecure URLs. Other parts of the google group that support Chrome might be interested in implementing these features on Chrome and they could also probably influence other browser suppliers directly or indirectly to implement similar features on their browsers.
Daniel January 12, at am Why would a 'technical user' not be using 2 factor??? StanG January 12, at am Because for my private use of services that do not involve money it's too much of a hassle. Besides, I'm confident in my ability to recognize a phishing attempt however good it is, as long as the browser shows me all I need to know in the address bar lock, protocol, domain. Someone January 16, at am "Too much of a hassle? You email is the single point of failure for all other accounts - if your email is compromised then an attacker can trivially gain access to and remove your access from any other account associated with that email address.
Emanuel Costa January 13, at am You got it.
And nowadays 2 way Auth isn't just for the tech savvy people. Hopefully it's not repeated on other sites, but you know These things can happen. Mike January 25, at pm I would consider myself a technical user that does not use 2factor. Short answer: Privacy.
I have several gmail accounts that are only accessed through different SSH proxies i. My phone number is only tied to a single account which I use on my phone. I connect to that account through the same proxy every time.
My other accounts I connect to on other proxies. The reason for this is so that Google cannot correlate the different accounts as all belonging to the same user. V K Rajagopalan January 12, at am I think, generally people do not pay such in-depth attention to the address bar, hence these hackers have become so effective. Aaron January 12, at am Thank you for the article. It's really important. Thank you once again!
Tom Andersen January 12, at am I would love a browser setting to only allow forms to be filled in on https sites with real certificates. Brother Tony O January 12, at pm Seems like an obvious feature now that I've read your comment.
Hopefully, the right people pay attention to you. Donna Perry January 12, at am I just wanted to leave this comment of appreciation for your service. Although right now I'm not financially able to upgrade to the full version of your plugin I do see the value of your services.
I'm not real technical savvy I do read your alerts and post which helps me understand some things. Keep up the great work.
Paul January 12, at am Thanks Mark! I'd like to say this wouldn't fool me, but if I was distracted Nadine N. Bone January 12, at am Thanks for sharing this detailed update, this is very helpful! Grant January 12, at am This is very similar to how eBay phishing campaigns work. For example: you receive an official looking inquiry on an existing note: public auction you are running, and click the "Respond Now" button.
The combination of recent and familiar data with the official look is tricky. This a great reason to never click links in emails out of convenience. Just navigate to the website or service manually on you own i. For many, that's a hard habit to break.
Charles Tryon January 12, at am Where the "don't click on links in email" breaks down is when you click on what appears to be an email attachment for a recognized image or file from a trusted source.
This isn't just an obvious "Click here to log into your bank account". You are expecting to see the file, and instead, get a "Please log in to your account again. Loughlin McSweeney January 12, at am Thanks so much for the heads up on this. This is a clever phish, I could see myself falling for this. Not now though. Thanks again. Etienne January 12, at am Great post!
Thanks for that! How can I know if my account has been hacked?
Russian Secret - 3:the practice of scanning the future, or how to avoid danger? (book 1) - Kindle edition by Sergey Matyushkov. Download it once and read it on. Re:russian secret 3the practice of scanning the future or how to avoid danger book future or how to avoid danger book 1 is the key book of Russian Secret - 3the kids ages Russian picture book Russian words - Russian books for kids.
Do you know how to check that? Don't be surprised if you were hacked in a data breach at some point. Just make sure you have changed all passwords since then and enabled two-factor. The site is run by Troy Hunt who is a reputable security analyst, so don't worry about entering in your email. It's a trustworthy site. Etienne January 13, at am Thanks!!
Mark Maunder January 17, at am Works for me.