My Gmail hacked?

I had 2-step authentication on my account. I then one day decided to change my Gmail password via the web interface from a PC. I expected to get a notification on my Android phone that I need to enter the new password. This however did not happen and I still received push Gmail on my phone! I changed the password again and still the phone had full access to my Gmail account. In the end I removed 2-step authentication via a PC web browser, logged out all other sessions and removed authorised devices from my account, and only after a reboot of the phone was I prompted to provide the new password. I feel 2-step verification may be a security risk if your phone gets stolen, although I am no expert on this, but I was very surprised by the fact that changing your Gmail password does not log your Android phone out of the account.
Perhaps someone else can shed some light here? I mean it's not like you can send an SMS to your stolen phone asking the thief to please reboot the thing for you.

My guess is that your Android phone was logged into your Gmail via an authorized password (which is used for devices and applications that are not two-step verification compatible). In this case changing your Gmail password has no effect as the phone is still authorized...
 

Lemme guess, you didn't read the site info properly.

With 2-step authentication your phone stops using the Google username and password; instead you have to generate a one-time password that the device/application can use till you revoke it.

See http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283&topic=1056286

If you change your main logon password, it won't affect the generated passwords; you have to manually remove them and new ones to force them to change. But if anyone from anywhere else tries to log onto your account they will need your current Gmail password and the key that the authenticator on your phone gives out.
 
You are giving me hope. Gmail is my primary email, I can't quantify the damage that someone would do if my password has been compromised. I will use the mail widget on my phone and see if I can reproduce this alert.

I am not giving you hope. I am giving you the fact. A simple example can clarify it. Log in to your Gmail account from laptop/PC and note down the IP. Stay logged in. Now check the same Gmail account with your Nokia and use the mail widget/app. Synchronize your Gmail acc. Now get back to your PC/laptop and check the IP. You will see these IPs in the Activity information page:
United States (64.57.242.88)
United States (64.57.242.87)
United States (64.57.242.90)
United States (64.57.242.89)

Here is a screenshot of my account
 

Thanks and done, refer to my two last posts.
 

I would still turn on 2-step logons if I were you. You can generate a password for your Nokia that only that phone can use, so even if they copy it they won't be able to use it.
 

Powering my laptop now, thanks.
 