

How can I stop someone from changing my gmail password?
June 17, 2010 11:47 PM

Gmail security: Someone keeps trying to recover, or change, the password for my gmail account. I'd previously set my gmail recovery option to send me an SMS, and I'm getting a lot of SMSes saying, "Your Google Account recovery code is: ... If you did not request this code, you can safely ignore this message". I've already changed my secret question to be really obscure, but what else should I do to protect my account? Every couple of weeks, I get bombarded with SMSes because someone is trying to access my account. Can I temporarily disable the recovery option? I'm just worried that someone might guess the answer to my secret question by brute force or some other means.
posted by surenoproblem to Computers & Internet (12 answers total) 3 users marked this as a favorite
 
Is your email something like joesmith? Could it just be Joe Smith after Joe Smith after Joe Smith attempting to access their account but forgetting they are joe.smith or joe.s.smith?
posted by geek anachronism at 12:01 AM on June 18, 2010


Could it just be Joe Smith after Joe Smith after Joe Smith attempting to access their account but forgetting they are joe.smith or joe.s.smith?

That's definitely a possibility. My email is rather joe.smith-y. I'd still like to protect myself, though.
posted by surenoproblem at 12:06 AM on June 18, 2010


Why don't you make the answer to your secret question a complete non sequitur? Something like a 20 character string of gibberish...
posted by felix betachat at 12:28 AM on June 18, 2010 [4 favorites]


A thought - if you're worried about someone managing to stumble upon or force their way into the answer to your secret question, either lie egregiously (Why yes, my first pet was indeed Lord Whimsypants-Snugglebottoms the IVth!) or enter the answer in some kind of cyphered manner. Backwards is easiest, or replace certain letters with numbers, ROT-13, that kind of thing. So, Lord Whimseypants-Snugglebottoms would become Smottobelgguns-Stnapyesmihw, for example. No cipher is unbreakable, but that would probably keep away the Joe Smiths of the world.

(Just for fun - ROT-13 of the reverse becomes Fzbggborytthaf-Fganclrfzvug. Slightly harder to remember, but a few minutes with a bit of notepaper and you can get it back. I just tried to 1337-speak that, but there are limits....)
posted by MShades at 12:31 AM on June 18, 2010 [3 favorites]


If you think it's someone making an honest mistake, make the recovery question (if you can edit it freely) a message to them. Perhaps "I don't know who you are, but this isn't your account." Then make the answer something secure.
posted by Rinku at 12:44 AM on June 18, 2010 [22 favorites]


+1 for Rinku's answer.

By "make the answer something secure", try something like a long random string e.g. 20 letters from http://www.random.org/strings/ (tick all 3 boxes)

Write this string down somewhere that you won't lose, for example in your address book. (Don't label the string with what it is for).

Anything you've thought of is (theoretically) guessable. A long random string is not.
posted by richb at 2:02 AM on June 18, 2010
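
Added example, not part of the original thread: a local way to produce the kind of 20-character answer richb describes, using Python's `secrets` module instead of random.org, with an entropy estimate for comparison against a real answer run through a keyless transform such as reversal or ROT-13. The candidate and transform counts are assumed figures for illustration.

```python
import math
import secrets
import string

# The three character classes behind "tick all 3 boxes":
# digits, uppercase and lowercase letters (62 symbols in total).
ALPHABET = string.ascii_letters + string.digits


def generate_answer(length=20, alphabet=ALPHABET):
    """Return a random recovery answer drawn from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_entropy_bits(length=20, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def transformed_entropy_bits(candidate_answers, known_transforms):
    """Upper bound on the entropy of a real answer passed through a keyless
    transform (reversal, ROT-13, ...). The transform has no secret key, so
    the guess space is only candidates * transforms."""
    return math.log2(candidate_answers * known_transforms)


if __name__ == "__main__":
    print("recovery answer:", generate_answer())
    print("random 20-char string: %.1f bits" % random_entropy_bits())
    # Assumed figures: 100,000 plausible real answers, 8 well-known transforms.
    print("transformed real answer: %.1f bits"
          % transformed_entropy_bits(100_000, 8))
```

Store the generated answer in a password manager or on paper, as the post suggests; it is not meant to be memorised.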


The answer to your secret question is in fact a password, and there's no reason why you need to make it less secure than any other password.

Change both your Gmail account password and your secret answer to something nice and strong, then sleep easy.

My own first teacher's name was not dMBDMq84a2FS. But it could have been!
posted by flabdablet at 2:16 AM on June 18, 2010 [3 favorites]


Incidentally, though random.org's password generator does in fact generate very strong passwords, I have seen bank websites reject them for being too weak. Although they are pretty much uncrackable as they stand provided they're longer than about 10 characters, you might want to insert a few punctuation marks to appease clueless password strength evaluators.

Google's password strength evaluator is also rubbish. I have seen ordinary dictionary words with a single $ sign appended rated as "strong" by a Google password edit page.
posted by flabdablet at 2:24 AM on June 18, 2010


This happens to me at least once a month, where I get a ton of SMS messages about someone trying to access my gmail account. I hate it, and it sucks, but I know it's because I have a real word as my username (I will never make that mistake again).

My secret answer is an actual answer run through the online Rot13 translator, which seems secure enough and easy to actually do.
posted by gemmy at 8:59 AM on June 18, 2010


Rinku's answer is awesome. I would never have thought of doing that.
posted by Vorteks at 9:59 AM on June 18, 2010


Is your email something like joesmith? Could it just be Joe Smith after Joe Smith after Joe Smith attempting to access their account but forgetting they are joe.smith or joe.s.smith?
posted by geek anachronism


Just a small note: Gmail handles the addresses joesmith@gmail and joe.smith@gmail as being the same address. You can put a period anywhere in your address and it resolves the same and the email will go through.
posted by haveanicesummer at 11:49 AM on June 18, 2010
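
Added example, not part of the original thread: the dot handling described above, written as a canonicalisation function that shows which typed spellings land on the same Gmail mailbox and which do not. The sample addresses are constructed; treating googlemail.com as an alias of gmail.com and dropping a "+suffix" are additional Gmail behaviours not mentioned in the post.

```python
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_gmail(address):
    """Return the mailbox an address is delivered to.

    For Gmail domains the local part is case-insensitive, dots are ignored
    and anything after a "+" is dropped. Other domains are only lower-cased,
    because their dot handling is not known.
    """
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address: %r" % address)
    local, domain = local.lower(), domain.lower()
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return local + "@" + domain


def group_by_mailbox(addresses):
    """Group typed addresses by the mailbox they actually resolve to."""
    groups = {}
    for addr in addresses:
        groups.setdefault(canonical_gmail(addr), []).append(addr)
    return groups


# Constructed sample input: spellings different people might type.
SAMPLE = [
    "joesmith@gmail.com",
    "joe.smith@gmail.com",
    "Joe.S.Smith@gmail.com",       # extra letter: a different mailbox
    "j.o.e.smith@googlemail.com",
    "joe.smith@example.org",       # not Gmail: dots are significant
]

if __name__ == "__main__":
    for mailbox, typed in group_by_mailbox(SAMPLE).items():
        print(mailbox, "<-", typed)
```

Dots alone never create a second Gmail mailbox, so recovery attempts reaching this account come from people who typed the same letters, while joe.s.smith is a separate account.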


If you feel the random gibberish password is potentially unworkable for some reason, another possibility is to pick a lyric or line that you'll remember but that isn't some obvious phrase (i.e., not "the quick brown fox jumped over the lazy dog"), and convert it to the first letter of each word. (Bonus if there's a number or a word in there that you can convert to a numeral.) So, for example, if you happened to memorize Emily Dickinson's "Because I could not stop for Death, He kindly stopped for me; The carriage held but just ourselves -- and Immortality" you could convert it to BIcns4DhksfmTchbjoaI. Add a punctuation mark in there somewhere and you're set (unless you're being pursued by a very poetic thief).
posted by scody at 11:58 AM on June 18, 2010 [2 favorites]

