Shaakunthala's Portal

Today, I've received an email from Google (accounts-noreply@google.com) subjecting Google Password Assistance. Google sends this email when somebody has made an attempt to reset the particular Gmail account's password. But, this request is not initiated by me.

Google password reset process works as follows:

1. User enters the Gmail address into the password reset form.
2. Using CAPTCHA, Google verifies that the request is not made by truly a human.
3. Google uses either of the following methods to verify the account ownership.
   

• If the Gmail account was inactive during the past 24 hours, Gmail asks for the security question which the account owner has provided during sign up.
• If the Gmail account was not inactive, it sends an email to the secondary address that is provided during sign up.

4. After the verification of account ownership, it enables the user to choose a new password.
   

In my case, somebody has made the attempt, and Google has sent me the password reset email. Well, I have reset my password -- I periodically do so. :) So thanks to the poor guy who made the attempt. :P

Anyway, how do we prevent such vulnerabilities? Here's what I think:

• Use at least two email accounts. Use each other to receive password reset emails. Eg: set your Yahoo! address as your Google account's secondary address and set your Gmail address as your Yahoo! account's secondary address.
• Try to access those accounts frequently.
• Use ambiguous Q/A pair as the security question and answer. Use your own tunes with creativity. I know, this can go INSANE!!! Eg: Q - Where did you spend your honeymoon? A - Cloud #9

OK. Anything else does not come to my mind this time. May be later I might add more. By the way,....... who might want to hijack my Gmail account? I still don't have an answer. :-?



Well, there might be several bloggers who want to do this adventure. :D

Thank for reading!