(OT) Google: "Somebody knows your password"

Sun Aug 6 19:29:55 UTC 2017

Duane Whitty schreef op 06-08-2017 20:50:
> On 17-08-06 03:40 PM, Ralf Mardorf wrote:
>> On Sun, 06 Aug 2017 18:52:13 +0200, Xen wrote:
>>> Volker Wysk schreef op 06-08-2017 18:48:
>>>> Am Freitag, 4. August 2017, 10:10:24 CEST schrieb Ralf Mardorf:
>>>>> PS: Are you using "2-Step Verification"?
>>>>> https://www.google.com/landing/2step/#tab=how-it-protects
>>>> 
>>>> I've turned on 2-Step Verification now.
>>>> 
>>>> Now fetchmail can't access my gmail-account any longer!
>>> 
>>> Welcome to problem multiplication zone.
>>> 
>>> Let Ralf be your guide! ;-).
>>> 
>>> Regards :p.
>>> 
>>> (in other words, just quit it you know, stop the nonsense).
>> 
>> I did not recommend to use it, I just asked if it was used, since it's
>> an important information, if you seriously try to answer Volker's
>> questions.
>> 
>> 
> 
> All the OP needs to do is set up an application specific password.  It
> is not difficult and there are many guides available.  Once this is 
> done
> the issues do not multiple, they go away.  Well at least that has been
> my experience.

Sure, but I don't think this is what Volker wanted.

The reality is that Google blocked the attempt and I mean, what's more, 
if it happens again then you have something interesting going on. 
Probably a website got compromised, I don't know.

It's not the end of the world yet, okay.

Stop panicking, you know. Everyone.

We live in a time where "being riled up" is the most common thing.

Keep a clear head and don't overexaggerate.

The fact that you were hacked is valuable information.

You can think about what other places that password was used, if any.

If it happens again, you know for sure something is wrong. At this 
point, this is just informative.

Keep a clear head, and don't think.... don't panic, and don't think that 
security at all costs is worth it, I mean, stay flexible.

To me, two-factor is just a pain. Every site that uses it, more trouble 
for me.

Makes it so hard to hack stuff too, you know. Just kidding ;-).

Google keeps bugging me every time I sign in from a different VPN 
location.

Steam bugs you every time you use a new device.

When you have two-factor on Blizzard, you can't play any games unless 
you have the authenticator with you.

Because of the enforcement of strong passwords, that not only I hate, 
most of my time logging into older websites is now spent on activating a 
recovery email message to change my password.

After which I forget it again.

Password managers are computer-local and can also be hacked.

I wish people would chill out a bit. Makes my life a lot easier if they 
did. Not as a hacker (Just kidding ;-)). As an ordinary person.