Gmail account hacked, how can i protect it from happening again?

Cherrycola

First time my email has ever been hacked, it was accessed from China at 2.30am, and seemed to send spam to all my contacts list, and turned on my out of office reply to bounce spam back at anyone who sent me a mail.

My contacts seem to have been deleted also, assholes!:mad:

Ive changed my password, is there anything else i should or can do?

chin_grin

Report it to Google themselves? Other than changing your password there's not a lot else!

Also try to ensure that it's not a word in the english language, contains numbers AND upper and lower case letters. Also special characters might help. It'd be a feck of a password to remember but it'll keep your account hack free (hopefully!).

Cherrycola

Ive changed my password and password recovery question, and recovery email account, so i guess thats all i can really.

Im wondering though why my Google calendar page is showing the Https in the address bar as red, with a line through it, like its not a secure page.
My main gmail page is fine, green padlock, but when i go to Calendar its coming up with a red padlock. Im using Chrome, can anyone shed some light on that?

spider guardian

Make sure you provide non-obvious answers to secret questions. I highly recommend using passwords generated from this page:

https://www.grc.com/passwords.htm

It's possible a keylogger was used to obtain access to your account. Make sure you have anti-spyware software installed.

Must say it seems strange that there is a red padlock showing for your calendar, can't think why to be honest, could be a problem with Google's own SSL cert?

snappieT

Nobody has mentioned, but allowing sites like Facebook to access your Gmail to send mails to your contacts poses a risk, as you're giving Facebook your password. While Facebook is probably safe, there are many sites that engage in this practice who may not be.

hearny

The best way of making sure the password is hard to crack using brute force is as mentioned to include Uppercase, Lowercase, Numbers and Symbols with a minimum character length of 8. e.g. s9umaP$8 or 72se$?Ag
Go to http://www.pctools.com/guides/password/ to generate your own, after using the password for a while you will get the hang of it.

SickBoy

Also worth noting is the account details at the bottom of the gmail page. If you click on details it will display a list of activity and show you if you're logged in from some other PC. You have an option to "Sign out all other sessions". Changing your password doesn't sign out other sessions as far as I know.

Cherrycola

SickBoy wrote: »

Also worth noting is the account details at the bottom of the gmail page. If you click on details it will display a list of activity and show you if you're logged in from some other PC. You have an option to "Sign out all other sessions". Changing your password doesn't sign out other sessions as far as I know.

Yeah ive done that already.

nudist

I use a firefox addon called lastpass-as long as the master password you set it up with is good then you should be secure. Generate your new gmail password and log on using the screen keyboard.

Oh and if you can do use a linux distro of some sort and therefore bypass tons of malware. I cant remember the last time i ran a antivirus scan :pac:

PogMoThoin

The easiest way for a spammer to gain access to Your email is setup a site that requires login and ask for email and a password when You register. If You use the same password they have access to Your emails.

I've one password I use for my email, lastpass and one or two other sites I access regularly, all others passwords are completely random and saved in lastpass
http://lastpass.com/

Cherrycola

PogMoThoin wrote: »

The easiest way for a spammer to gain access to Your email is setup a site that requires login and ask for email and a password when You register. If You use the same password they have access to Your emails.

I've one password I use for my email, lastpass and one or two other sites I access regularly, all others passwords are completely random and saved in lastpass
http://lastpass.com/

I think this is exactly what happened, cos ive definitely used my email and same password to register for other sites, i tend to use the one password so its easy to remember,:o Not anymore!
They would be pretty secure sites or so i thought, the likes of say Topshop/Warehouse/Amazon.

Cherrycola

Ok, so ive installed Lastpass, can you give me a quick rundown on what exactly it does?
It seemed to import some of my sites and passwords when i installed, but not everything was there, Facebook was missing and Paypal.
ive used the same password for Lastpass, and for my gmail now, but what should i do for all other logins, say lke Amazon? Create a random password, letters/numbers, and let Lastpass save so it dont have to remember it? Is that the idea?
Lastpass doesnt actually create the new random password no?

The last thing i want to do is change my password to a jumble of letters and numbers and then not be able to log back in! :eek::D

Obviously sites like amazon are ones i worry about as i have payment information saved in there. Same goes for Paypal!

Cherrycola

Ahaaaaaa, i see now.

Went to change my paypal password and Lastpass offered to generate a new random one, and then saved it.

Pretty cool! :cool:

Why have i not heard of this before now??!! Everyone should use this.

Thanks a mill guys.

NoRegrets

One of the easiest ways to make your account more secure is to make sure you always have the use https setting ticked, to do so just log into your account click settings - browser connection - always use https.

jack presley

Cherrycola wrote: »

Ahaaaaaa, i see now.

Went to change my paypal password and Lastpass offered to generate a new random one, and then saved it.

Pretty cool! :cool:

Why have i not heard of this before now??!! Everyone should use this.

Thanks a mill guys.

Can you set it up to work on more than 1 PC. I sometimes book flights, buy tickets etc. at work and the demo states that it stores the password locally on your PC so if I use a different computer to the one where I set up the password, how will that work?

Cherrycola

No idea to be honest, but good point! How would i access my facebook from another pc or iphone if i have a random password. hmmm, anyone know?

PogMoThoin

jack presley wrote: »

Can you set it up to work on more than 1 PC. I sometimes book flights, buy tickets etc. at work and the demo states that it stores the password locally on your PC so if I use a different computer to the one where I set up the password, how will that work?

Yes You can, on any OS, Windows, linux, mac, with any browser Internet explorer, firefox, chrome, safari and even on android phones or iphones. They also do a usb utility that You can also carry an encrypted copy of all Your passwords with You on a usb key. It really is an amazing piece of kit, passwords are saved online encrypted on their server.

Cherrycola

So i can log into my Lastpass account from any PC and that will enable me to login to all my websites?

Stinicker

My hotmail got hacked two days ago and like the OP it was the first time anything like this ever happened to me. I am pretty mad over it and am busy trying to change dozens of passwords from two or three common ones one of which the feckers guessed.

PogMoThoin

Cherrycola wrote: »

So i can log into my Lastpass account from any PC and that will enable me to login to all my websites?

No, only on pc's that You can install the software on. But what You can do is either carry Your passwords encrypted on a usb key or visit the lastpass website and login to see them online. You shouldn't be logging in to sites on strange pc's internet cafe's, college etc, You never know how secure they are or if they have keyloggers etc. This is the weak point in this security, the end user is the weakest link.

Razzuh

If you ever have no choice but to log in using a public PC, a handy trick to fool basic keyloggers is to use copy and paste: highlight a character that's in your password (the character might be in text on the login page or just copy it on another site) and then right click and paste it in the 'password' field of the login form. Then you can type the other characters. Not all keyloggers will be fooled by this but a lot will.