Google's password reset process works as follows:
- User enters the Gmail address into the password reset form.
- Using a CAPTCHA, Google verifies that the request is made by a human rather than by an automated script.
- Google then uses one of the following methods to verify ownership of the account.
- If the Gmail account was inactive during the past 24 hours, Gmail asks the security question that the account owner provided during sign-up.
- If the Gmail account was active during that period, it sends a reset email to the secondary address that was provided during sign-up.
- After account ownership is verified, the user is allowed to choose a new password.
Anyway, how do we protect ourselves against this kind of weakness? Here's what I think:
- Use at least two email accounts, and set each one as the recovery address of the other. E.g.: set your Yahoo! address as your Google account's secondary address, and set your Gmail address as your Yahoo! account's secondary address.
- Log in to those accounts frequently, so that neither is ever treated as inactive.
- Use an ambiguous question/answer pair as the security question and answer. Be creative with your own wording. I know, this can go INSANE!!! E.g.: Q - Where did you spend your honeymoon? A - Cloud #9
OK. Nothing else comes to mind right now; maybe I'll add more later. By the way... who might want to hijack my Gmail account? I still don't have an answer. :-?
Well, there might be several bloggers who want to do this adventure. :D
Thanks for reading!