This is a great thing but I think you are thinking too small.
Rather than notify only on the Google Dashboard, this should be integrated into all Google products to notify people as they are going about their business not just while they are checking their dashboard.
This is probably in your plans but saying so would be really good.
Agreed. I would hazard that most Gmail users (including me) don't know what the Google Dashboard is and where to find it. I looked for several minutes -- no luck. So this feature appears to be of no value to me (at least until someone posts how to get to the Dashboard!).
First of all, I agree the message should propagate throughout all Google sites. I'd never heard of the Dashboard until today and I consider myself pretty savvy.
Second, I may be missing something, but if we as account owners are able to manually dismiss the warning message that our account has been logged into by someone else, then what's stopping the hacker from dismissing the message themselves, or setting up a simple script to go to Google Dashboard upon login and dismissing the message that way?
The message should stay open for a set amount of hours. It's not like the message impacts the account owner's use of Google products. It's simply a warning message, and having the slight annoyance of it being around for 24-48 hours far outweighs the headache and security dangers of not knowing someone has compromised the account.
Thanks for the feedback. You are invited to visit your Google Account Dashboard at www.google.com/dashboard. If you have a Gmail account, the message will be displayed also in your Gmail page. But if you are not a Gmail user, you can see it in the Dashboard, as well as the data and recent activity in your account. In both cases, the message will not be displayed to the user from the suspicious IP. You will be able to view and dismiss it only from a "good" IP.
As someone who has been badly compromised in the past, this is a good step in the right direction.
However, when I was hacked I was asleep whilst a Ukrainian hacker accessed all my mail, docs, and Blogger accounts.
Could we not improve this further, whereby you can log into an account from another PC/IP only if you provide a PIN or Grid Authentication which will then allow that PC/IP access?
It would work similar to LastPass's excellent grid authentication whereby you can only access your account from a computer/IP that you have authorized. If another attempt is made from another PC location you have to provide this additional code. This code is not stored in your account but is like a bank PIN sent out to you on a one-time deal.
All this will help me with currently is to tell me what I already know when I can't log in after I've been hacked, and in most cases the hacker would have changed my password, backup emails and security questions, as well as enabling an email filter to push through my emails over to him.
Please take this seriously.
More and more people are putting all their stuff onto the cloud, and a simple Username/Password authentication system is not enough anymore.
Is there a way we could use wget or an ajax call to get this information for ourselves? For example, I'd like to be able to write an extension for Chrome that could periodically poll this data and show an alert right in the browser if you get compromised.
Maybe it could appear on your Google home page as well when you log in. I think that this is a good idea but a smart hacker would not get caught by something this simple, you know?
I agree with the others: Google needs to show that alert in every Google product possible.
Along with that they should give us other options for getting notified such as emails, texts, chats...
It would be cool if it could block the French user or require some sort of super password before he logged in, like texting to their designated cell.
Interesting, I have just learned about it and realized it.
Hope it will be implemented in all Google products in a future plan.