It was a scary moment because my other non-Google accounts like Twitter and Facebook were also associated with that Gmail address, so there was a big risk of losing them too.
Fortunately the story had a happy ending as the support team at Google quickly identified the breach and restored access to my account pretty soon.
All this happened even though I used complex and lengthy passwords. There is a definite need to add another layer of security. Here are some suggestions:
The easiest option is to turn on 2-step verification for your Google Account and then install the Google Authenticator app on your mobile phone. This is available for Android, iOS and BlackBerry devices. When you are trying to sign into your Google Account from another computer or mobile device, you will need the account password as before, but you will also have to enter a unique time-dependent code generated by the Authenticator app on your mobile phone. So if someone manages to get hold of your Google password, say through a key logger software, they still won't be able to gain access without your mobile phone.
If the Authenticator app is not available for your mobile phone, you can still enable the 2-step verification. Google will send you the unique code through a text message or a voice call.
If you are planning to access your Google Account from a public computer, you might consider using a virtual on-screen keyboard to enter your Google credentials. Go to the Run box in the Windows Start Menu and type osk.exe to activate the virtual keyboard. But the best method to bypass key loggers on public computers is a Live Linux CD you can boot the 'unknown' machine using the Live CD and it will leave no traces whatsoever once you exit the session.
It's also a good idea to check the list of services that are authorized to access your Google Account. Some of these services may have access to your Google data, so it makes sense to revoke access to those that you no longer use. Google recently introduced a new service Accounts Activity where it sends you monthly reports on how you are signing into your accounts and from where. You may want to enable this as well.
One more thing: If you ever lose access to your Google Account, you'll be required to answer a series of questions to verify your identity. Things like who invited you to open your Gmail account or when did you create your Gmail account. Keep these details handy somewhere as they may speed up the account recovery process.
No comments:
Post a Comment