How to make your Gmail account easy to recover if hacked

The very first step to take is the same one I discussed in the last article.

Keep variations in your username/password across sites: this is of prime importance, because how could you expect any random forum or newbie site to be as secure as Yahoo, Gmail or Hotmail? If you use the same username/password combination on a smaller site or forum and that site gets hacked, an attacker can try the same credentials on the popular services as well, and your account can end up compromised without any mistake on Gmail's, Yahoo's or Hotmail's side.


The other steps are for recovering your Gmail account if it is hacked, as Amit suggested:

Use old-fashioned pen and paper and note down the following somewhere:

  1. The month and year when you created your Gmail / Google Account.
  2. If you created your Gmail account by invitation, write down the email address of the person who first sent you that Gmail invite.
  3. The email addresses of your most frequently emailed contacts (the top 5).
  4. The names of any custom labels that you may have created in your Gmail account.
  5. The day/month/year when you started using the other Google services (like AdSense, Orkut, Blogger, etc.) that are associated with the Google account you are trying to recover. If you are not certain about some of the dates, give your closest estimate.
  6. Run a test! Log out of all your Gmail / Google accounts and start the password recovery process. This confirms that what you set up actually works: you want to be absolutely certain your SMS settings and secondary email addresses are configured correctly. (This applies when you have associated your mobile number with your Gmail account; do it for sure.)
  7. Check your IP address: from time to time, look at the IP address shown in the footer of your Gmail inbox. If you see an odd one, change your Google password immediately. Knowing IP addresses may seem too technical to some, but it is good information to have.

Thanks to Amit for listing out these tips.


At the end …

“ I don’t expect everyone to be smart enough to remember all these minor but common details, but it’s about knowing your account better than anyone else. It’s like recognizing your bag when it is recovered by the police: you need to tell them what’s inside it, which only you are expected to know. So, know your account better and keep it noted down in your diary or somewhere secure. ”

Nitish Kumar


Hacking of Twitter leaves questions over Cloud again

Not many days have passed since the database of RockYou was compromised; the hacker also revealed in a sample what the database structure was and how passwords were stored in plain text, including not only RockYou passwords but those for Yahoo, MySpace, Friendster etc. as well. The revelation was a shock to many people and, in a way, a big setback for cloud computing, as it showed how things can go wrong in incompetent hands.



And last night the world got its greatest shock, when the biggest micro-messaging giant Twitter, which ranks among the top 20 largest web apps of today, went down due to a hack attack at about 22:00, Dec 17, 2009. Below are the related screenshots.

1. How twitter.com was showing the below message from some Iranian Cyber Army [screenshot: Twitterhacked]

2. Even Google started showing the message when searching for twitter [screenshot: google-twitter]

3. Find the related video


Although around one and a half hours later it was restored, with the official message from Twitter’s side:

“ As we tweeted a bit ago, Twitter’s DNS records were temporarily compromised tonight but have now been fixed. As some noticed, Twitter.com was redirected for a while but API and platform applications were working. We will update with more information and details once we’ve investigated more fully. ”


The chapter ended, but it shook a lot of faith. Let us first discuss, in layman’s terms, what these incidents mean and their consequences.

Compromised DNS records: basically, when you type an address into your browser, DNS servers around the world translate it to the associated IP address, because actual machine communication happens only at the IP address level; readable addresses are just for human convenience. The request then reaches the site itself, which, if big enough, maintains its own DNS server to keep many other servers behind it on the same IP with the required redundancy.

Now what happens if someone tampers with the DNS records and the DNS starts redirecting you to some other IP than the official one, i.e. to another server, which could be holding anything, like this message this time? You get the same site address in the address bar, but now it is going to a different server and a different application, which is exactly what happened with Twitter.

“ Think what worse could have happened. If the hacking side had tried their luck a little harder through phishing, presenting exactly the same webpage as Twitter’s login page, millions of users would have given their usernames and passwords away so easily, without knowing that this time they were handing the same information to the wrong hands for nothing. ”


There are more lessons to learn from the RockYou and Twitter incidents. The RockYou password revelation wasn’t a danger to RockYou alone: it contained the passwords of many other accounts, so whoever reached it could take hold of all those millions of accounts and the information within. Moreover, as is common practice, people keep using the same username and password on every website they know, which means that if someone tries logging into Gmail with a username/password combination retrieved from the hacked RockYou, it is quite likely to succeed.

So, the lessons here are:

  • Keep really good passwords.
  • Don’t completely trust websites’ security as of now.
  • Avoid keeping important info like bank account numbers stored in your email accounts.
  • Try at least to have different passwords for different sites, if you can’t manage different usernames.
  • As the easiest way to hack an account usually involves the alternate email address you provided, better give your mobile number instead: it gets you an SMS in many cases (if the site supports it, as Google does) and is in a way more secure than the alternate email address.

    and

  • We still have a long way to go before cloud computing works properly for us, in light of such incidents.