Google Blogoscoped

Forum

Getting Back a Stolen Account

DPic [PersonRank 10]

Monday, October 6, 2008
15 years ago2,889 views

I'm not sure if i've mentioned a similar idea here before, but i was just thinking this might be a good solution-- or rather prevention of getting an account stolen. Gmail could have two separate passwords, one for home (or whatever computer(s) you are the only one with access to) which you would assign to a specific IP address, and another for all other computers. This way, you could even change what can be done from inside your gmail account when you're not logged in from the specified IP address(es).

sony c. [PersonRank 0]

15 years ago #

my idea is one password(A) for anything. another password for high level control(B). for example, (B) can delete, account, delete services, & clean trash etc, (A) do not allow above function. that can be every service or web account such as hosting serivce, i can use (A) login to cPanel to manage file, redirect, php etc, but for domain transfer,delete that have to be (B) password.

all we're afraid is account(s) gone alway when u wake up, right?

DPic [PersonRank 10]

15 years ago #

Does anyone think this isn't a good idea? There are two layers of security here-- on is that there are two passwords. One super-password and one normal password. On top of that the super password only works on IP addresses you've specified. The only possible issue i see is for people who don't own a computer-- and that's not really a small problem.

Cookie Lee [PersonRank 9]

15 years ago #

To sony c.:
   I don't think that's a good idea: Will that idea avoid hackers from hacking (B) password? if it won't, hacking it, the hacker still gets the control of your account.

Ianf [PersonRank 10]

15 years ago #

Staggered passwords need not be associated with a particular IP, or IP-range, to be of use. Any division of functionality/ privileges on per-passwd basis would be a bonus – provided it'd be employed widely and consistently. Such deployment brings also with it some new problems, however. The public at large neither understands, nor cares a lot, about/for computer security.... they expect it to "just work" with given names and birth dates of first-borns, spouses, favopets and the like (nearly all of which are easily retrievable in legal fashion in the public domain). So, ultimately, the stick with which to measure effectiveness of any change/ or improvement/ in password security for the public at large is not how CLEVER, but how little INTRUSIVE, thus inviting to be adopted, it appears to be (in the daily ops, and to ordinary/ not professional or "motivated" users). Yes, Virginia, first impressions do count.....

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!