Well, that's annoying...

[ffutures]

Someone in Mexico apparently tried to hack my gmail account, and was stopped from logging on - since it was a VERY arbitrary string of letters and numbers that isn't easily associated with me (the college's code for a technician's course I took 30+ years ago) they must have used some sort of password generator software to get that far.

Hopefully the new password won't fail quite so easily, it's twice as long and even more arbitrary. Just hope I can remember it.

Comments

[murphys-lawyer.livejournal.com]

I've got 2-factor authentication enabled on my Gmail account. it won't stop the really determined hacker, but it'll make most of them give up and go away.

[ffutures.livejournal.com]

How does that work?

[robertprior.livejournal.com]

It seems to assume that you are accessing GOogle from a smartphone. At least, it requires your mobile phone number. Useless to me, as I use a desktop computer and have a landline.

[thermalsatsuma.livejournal.com]

Google can send two factor codes via SMS to a normal mobile or a landline, I think. It's a bit spooky when you register and a robot calls you immediately. When you set it up you also get ten emergency codes in case you lose your phone.

[ffutures.livejournal.com]

Not much use to me - my mobile is dumb and rarely switched on, and I really don't want to give Google my numbers anyway.

[ianirving.livejournal.com]

Try using either 1stpass or lastpass for password management / generation. My passcodes are generally 16 to 32 chars long and ultra random letters, numbers and symbols which I don't know.

Google's 2 factor authentication generally uses a app on your smart phone. Assumes you will always have your phone with you. It also allows you to receive a text message SMS to your not smart phone.

[ffutures.livejournal.com]

No use to me - I don't have my phone with me at home, and it's not smart and rarely switched on at other times.

[gonzo21.livejournal.com]

Interesting, did Google block the access because it was coming from Mexico?

[ffutures.livejournal.com]

Looks like it. Or maybe it was preceded by a lot of wrong tries.

[gonzo21.livejournal.com]

You see, I thought you only got three attempts and then they locked you out for a while. So would a random password generator work?

[ffutures.livejournal.com]

No idea - maybe the attempted log-in was enough. It may have been some sort of attempt to trick gmail into thinking the password was already received.

[akicif.livejournal.com]

Surely Google sends those warnings when someone fails to log in? I've logged in to my gmail account from overseas and it didn't provoke any kind of warning.

[ffutures.livejournal.com]

No idea - they said it was blocked and that I should change the password, I didn't argue.

[akicif.livejournal.com]

Odd. Hope you didn't change the password by following a link in the email....

[ffutures.livejournal.com]

No - and Gmail flagged the message as important in a way that makes it certain it was from them.

[the-magician.livejournal.com]

For a fairly arbitrary password that's hard to guess, but fairly easy to remember, I came up with the following...

Find a poem or quote you know well ... maybe a bit of a Monty Python sketch ...

E.g. "what is your name? what is your quest? what is your favourite colour"
Take the first letters "WIYNWIYQWIYFC"

Now take your birthdate (or your parent's, or any other famous date)

let's take July 20th, 1969 ... 1969/07/20

now alternate them
W1I9Y6N9W0I7Y2Q0

A random looking set of letters and numbers, but very easy to recreate if you can't remember the code.

There are variations you can add in terms of grouping, capitalisation, adding punctuation marks ... but as long as you remember your phrase and your birthdate (or other important date) then you can recreate your password.

As a final thing, I usually take the name of the site (paypal, gmail, ebay, facebook, etc.) and have a little algorithm for taking some letters and converting them into something in the password ... that makes every site password unique (so getting my LinkedIn password won't get you into Paypal etc.) but again, easy to regenerate if I forget the password, I just use my little algorithm

A simple algorithm might be to take the 2nd, 4th and 6th characters of the URL (after the www. bit) and convert those letters to the numbers on a cellphone keyboard ... so Facebook would get "a e o" and then you can look at a phone keypad to see which digits those correspond to. Sort of like a checksum :-) (without looking, I think that becomes 236)

[ffutures.livejournal.com]

Thanks - I'd rather not comment on what I'm doing.

[the-magician.livejournal.com]

Very sensible ... while I have a way of generating my passwords, it isn't the one I've put here ...

[cdybedahl.livejournal.com]

How sure are you that you don't have a keylogger on your machine? There have been a depressing number of Flash and Java exploits in the wild lately, so if you have either of those active in your browser I'd say keylogging is a more likely scenario than brute-forcing a good password.

[ffutures.livejournal.com]

It's possible, not sure how I look for it.