Anything to be done on the GMail end to prevent this? - Roberto Bonini
Roberto, the Gmail security stuff is really far afield from my area, but I know the Gmail folks think hard about this. Not much to be done about malware/keyloggers/phishing/same pw at multiple sites. On too-easy password, the tension is between ease of use vs. security. If it's too hard to sign up for Gmail (e.g. require a backup email address), fewer people will do it. But I know the Gmail team thinks about this a lot. - Matt Cutts
It is a pity, because not everyone has good pw security. And everyone has some important emails in gmail. Looking like the only "solution" to this is to remove important stuff from gmail. - Roberto Bonini
What if Gmail somehow flagged the account so the user could see it (and the hacker couldn't dismiss it) if someone signed in from an unusual IP? Gmail already has IP tracking at the bottom of the screen, but it is relatively unnoticeable unless you are looking for it. - Kelly Johns
What if setting filters and forwarding could be enabled to require a CAPTCHA of some kind to ensure changes are user generated? Or have an option to replace the password every so often with a totally new and unique one you have not used in the past, like Windows security policies do. - Roberto Bonini
You can also see the recent account activity information in the footer of GMail. It'll tell you when it was last accessed and from which IP address (and whether that was on the same computer). If you see anything strange there, be paranoid and change passwords, etc. - John Mueller
You are right John, I think Gmail should somehow bring it to your attention though, in a way that a hacker wouldn't be able to get around. Like by sending an email to an alternate account and making you approve that IP for use... otherwise I never even pay attention to the IP at the bottom. - Kelly Johns
Also, if you log in via https to gmail, does that solve most security issues? - Kelly Johns
Kelly, from what Matt wrote it looks like this was not from a "GMail security issue" but rather something more generic (like someone getting to your password). Yes, using https is certainly better, especially when you are worried about the hacker being in your network (say at a public access point, in a hotel, etc), but you still have to stay secure (use a good password, change it regularly, keep your system's software up to date, etc). There are certainly ways to improve it & I'm sure the team is always working on that though. I like your idea of bringing "new IP addresses" to the user's attention, I'll pass that on :). - John Mueller
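The "new IP address" idea Kelly raises and John says he will pass on can be sketched as a small detection rule. The code below is an added illustration, not Gmail's code and not something anyone in this thread wrote: it walks a constructed sign-in log, raises an alert the first time an account is seen from an address it has not used before, and keeps a pending notice that can only be cleared with an out-of-band approval token (the kind of thing that would be mailed to an alternate address, so a session holding the stolen password cannot simply dismiss it). Function and class names, the sample events and the token scheme are all assumptions for the example.

```python
"""Added example: flag sign-ins from previously unseen IP addresses and hold
a notice that only an out-of-band approval can clear. Sample data below is
constructed; names and token handling are assumptions for illustration."""
from collections import defaultdict
import secrets

# Constructed sample sign-in log: (timestamp, account, source IP).
SAMPLE_EVENTS = [
    ("2009-05-01T08:00:00Z", "alice", "203.0.113.10"),
    ("2009-05-01T12:30:00Z", "alice", "203.0.113.10"),
    ("2009-05-02T09:15:00Z", "alice", "203.0.113.11"),   # new address for alice
    ("2009-05-02T23:40:00Z", "alice", "198.51.100.77"),  # another new address
    ("2009-05-03T01:05:00Z", "alice", "198.51.100.77"),  # repeat, already known
    ("2009-05-03T07:00:00Z", "bob", "192.0.2.5"),        # bob's first ever sign-in
]


def flag_new_ips(events, known=None):
    """Return (timestamp, account, ip) for every sign-in from an address the
    account has not used before. The very first address seen for an account
    seeds its baseline and is not reported; pass `known` (account -> set of
    IPs) to start from recorded history instead."""
    known = defaultdict(set) if known is None else known
    alerts = []
    for ts, account, ip in events:
        if ip not in known[account]:
            if known[account]:          # baseline exists, so this is a change
                alerts.append((ts, account, ip))
            known[account].add(ip)
    return alerts


class NewIpNotices:
    """Pending notices keyed by (account, ip). Clearing one requires the
    approval token, which in a real deployment would go to the alternate
    address rather than to the session that triggered the notice."""

    def __init__(self):
        self.pending = {}

    def open(self, account, ip):
        token = secrets.token_urlsafe(16)
        self.pending[(account, ip)] = token
        return token  # deliver out of band; never show it to the new session

    def approve(self, account, ip, token):
        expected = self.pending.get((account, ip))
        if expected is None or not secrets.compare_digest(expected, token):
            return False
        del self.pending[(account, ip)]
        return True

    def has_pending(self, account):
        return any(acct == account for acct, _ in self.pending)


def audit(events):
    """Run detection over a log and open a notice for each alert."""
    notices = NewIpNotices()
    alerts = flag_new_ips(events)
    tokens = {(acct, ip): notices.open(acct, ip) for _, acct, ip in alerts}
    return alerts, notices, tokens


if __name__ == "__main__":
    found, board, _ = audit(SAMPLE_EVENTS)
    for ts, acct, ip in found:
        print(f"{ts} {acct}: sign-in from new address {ip}")
    print("alice has pending notices:", board.has_pending("alice"))
```

The interesting property is not the IP comparison but the approval path: the notice is cleared only by presenting a token the attacker's session never receives, which is what makes the warning harder to "get around" than a footer line the user has to remember to read.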