While I wait for the Google team to get their act together & get my account out of the hands of the thief/hacker who recently stole my password & locked me out of my Google account, I thought it might be a good time to share with those of you who don't know, just how vulnerable your Google account is.
I will get straight to the point:
If someone steals your password, they can:
1) Change your password, with no security questions.
2) Change your security question, again, with no security questions.
3) Remove your secondary email address (why this is important is coming up next).
Now, imagine the poor victim who just had his account stolen (let's call him Jim).
1) Jim tries to log into his account only to be informed by Google's authentication system: Sorry! Your account name and password do not match.
2) Jim suspects someone has stolen his account, a little worried now, he clicks "I cannot access my account" & follows the links to the lost password recovery screen.
Jim enters in his username & is promptly informed that an email containing password reset instructions has been delivered to his secondary email address.
Do you remember point number "3" (of what a hacker can do if he has access to your Google account)? I will remind you: "Remove your secondary email address". No security question is required, NO email verification is required, it can just be removed that easily.
Silly? You might be thinking, that Google bases its account recovery/security feature on a system that makes it so easy for a hacker/thief to bypass.
But wait, IT GETS WORSE!
Google informs you next:
If you don't have a secondary email address, or if you no longer have access to that account, please try the 'Forgot your password?' link again after five days. At that point, you'll be able to reset your password by answering the security question you provided when you created your account.
Well that's just brilliant, so you are telling me that for 5 days, the hacker has free run of my whole Google account (including Gmail, Checkout, Adsense, Adwords.. etc).
But wait, after 5 days, and the damage is TOTALLY done, then finally I will have the opportunity to reset my password by answering the security question..
WAIT A BLOODY MINUTE, are we forgetting #2 of what a hacker can do if they learn your password? That's right! Change your security question!! (without even needing to enter the previous security question). I ask, how on earth is that considered secure?
So poor Jim, is holding on to a slim hope that the hacker was not smart enough to change his security question & in 5 days, he might have access to his account again.
But wait, yes that's right, IT GETS EVEN WORSE:
To prevent someone from trying to break into an account you're actively using, the security question is only used for account recovery after an account has been idle for five days. The Gmail team cannot waive the five day requirement or access your password under any circumstances.
Did you see the part that mentioned idle for 5 days? & by idle, they mean, that neither you, nor the hacker, can even attempt to log into your account for 5 full days. If so, one can only assume the timer resets.
What does this mean? Basically, your account now belongs to the hacker until Google does something about it. All the hacker has to do is log into your Google account once, every 5 days, and the account will remain his, forever.
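The idle-timer rule quoted above, modelled as an added example that is not part of the original post and is not Google's code. The second function is an assumed hardening (a removed secondary address stays valid for recovery during a hold period); the function names, the 30-day hold and the sample data are constructed for illustration.

```python
from datetime import datetime, timedelta

IDLE = timedelta(days=5)  # idle period quoted in the post

def question_recovery_opens(logins, start, horizon, idle=IDLE):
    """Policy as quoted: the security question is accepted only after the
    account has seen no login for `idle`. Returns when that first happens
    within `horizon` of `start`, or None if it never does.
    Assumes every login in `logins` is at or after `start`."""
    last = start
    for t in sorted(logins):
        if t - last >= idle:
            return last + idle  # a full idle gap elapsed before this login
        last = t  # any login restarts the idle clock
    opens = last + idle
    return opens if opens <= start + horizon else None

def recovery_addresses(history, now, hold=timedelta(days=30)):
    """Assumed hardening: a secondary address stays usable for recovery
    for `hold` after it is replaced or removed. `history` is a list of
    (changed_at, address_or_None) entries for that one setting."""
    hist = sorted(history, key=lambda e: e[0])
    valid = set()
    for i, (since, addr) in enumerate(hist):
        until = hist[i + 1][0] if i + 1 < len(hist) else None
        if addr is None or since > now:
            continue
        if until is None or until > now - hold:
            valid.add(addr)
    return valid

# Constructed sample data (not from the post).
TAKEOVER = datetime(2007, 7, 24)
EVERY_4_DAYS = [TAKEOVER + timedelta(days=4 * k) for k in range(1, 16)]
HISTORY = [(datetime(2006, 1, 1), "jim-backup@example.net"), (TAKEOVER, None)]

if __name__ == "__main__":
    sixty = timedelta(days=60)
    print(question_recovery_opens([], TAKEOVER, sixty))
    print(question_recovery_opens(EVERY_4_DAYS, TAKEOVER, sixty))
    print(recovery_addresses(HISTORY, TAKEOVER + timedelta(days=1)))
```

Under the quoted rule the question-based path never opens while logins keep arriving inside the idle window, whereas the hold keeps the owner's original address usable right after it is removed.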
This is the situation that I am facing right at this moment. Unfortunately, I am not the first person to have this problem, and Google's support/response time has been rumored to take even past a week of time. I am hoping the rumors aren't true.
Let me also mention, that I adore Google, otherwise. But this experience is making me literally sick to my stomach.
If anyone can help (tho I don't know how you would).... I'd love to hear your suggestions.
Peace & take care of yourselves, and your Google accounts, use strong passwords & keep them safe. Myself, I might be renewing my relationship with that bastard child: Yahoo.
Sunday, July 29, 2007