How anyone can easily take over your account even if you have 2-STEP Verification enabled.
I have been seeing plenty of people lately out there that have a real strange sense of security when it comes to them using this "Two Step Verification" thing offered on their Google Accounts.
It is time that the truth be told and spread, this feature will NOT prevent a hacker from getting into your account and doing as he or she pleases with it. Easy and without hassle.
The only thing that the 2-step verification is good for is the prevention of people using password cracking methods to get your login details and access your account. Everyone knows that running a password cracker can take weeks, months or more to find a good password. This is why these days there is something called cookies and if a hacker easily gets his hands on your verification cookie (there are 100+ ways) that is stored when you do the 2-step verification process, in your browser along with other cookies for 30 days. So while you are logged in and did all your fancy mobile pin entering and feeling safe and secure while you surf with your head up, someone is watching you and dipping into your browser cookies, grabbing the verification cookie and thanking you on the way out. Now once he has this, your little 2-step verification nonsense is useless. The only way you can stop the hacker from getting into your account once he is armed with this cookie is the following.
You have to click on SIGN OUT in all of your Google products, Gmail, G+, etc.
You have to go into your browser options and clear private data and delete all cookies.
You have to be sure 100% that you are logged out of ALL sessions.
Every time you do that, it will render that verification cookie useless and the hacker will not be able to easily access your account with it. Mind you, do you want to do this process every few minutes? (that's all the time the hacker needs to mess with your account, change pass, change content and cause problems in your life)
To be totally secure, this would mean, every two minutes, you need to stop what you are doing here, log out of all google services, open your browser and delete all private data and cookies, then log back into Google and send a new pin to your mobile, then do that 2-step verification process once again, repeat all this in another two minutes……
We all know you are not going to do that, the person who is taking over your account knows you are not going to do that as well. That is why you need to realize, if there is a will, there is a way. If someone wants access to your account, they will get it. No 2-step verification gimmicks are going to stop them.
Brought to you by Adam Guerbuez
http://www.AdamGuerbuez.com
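The mechanism the post describes, shown from the server side as an added example (not part of the original post and not Google's implementation): a "remember this computer" token is a bearer credential that skips the second step for whoever presents it until it expires or is revoked. The class and function names, the account name and the rule that signing out everywhere revokes every token are assumptions of this simplified model, which still checks the password first.

```python
import hashlib
import secrets

THIRTY_DAYS = 30 * 24 * 3600  # lifetime the post gives for the verification cookie

class TrustedDeviceStore:
    """Hypothetical server-side record of remembered-device tokens."""

    def __init__(self):
        self._tokens = {}  # sha256(token) -> (user, expiry timestamp)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, now):
        # Called after a successful 2-step login; the value goes into a cookie.
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = (user, now + THIRTY_DAYS)
        return token

    def skips_second_step(self, user, token, now):
        record = self._tokens.get(self._digest(token or ""))
        return record is not None and record[0] == user and now < record[1]

    def revoke_all(self, user):
        # Assumed behaviour of "sign out of all sessions".
        self._tokens = {k: v for k, v in self._tokens.items() if v[0] != user}

def login(store, user, password_ok, cookie, code_ok, now):
    if not password_ok:
        return "denied"
    if store.skips_second_step(user, cookie, now):
        return "ok-remembered-device"  # the server cannot tell which browser sent it
    return "ok-code-verified" if code_ok else "need-second-step"

def demo():
    store = TrustedDeviceStore()
    t0 = 1_700_000_000  # constructed timestamp
    cookie = store.issue("alice", t0)  # constructed account name
    results = [
        login(store, "alice", True, cookie, False, t0 + 60),  # token replayed
        login(store, "alice", True, None, False, t0 + 60),    # no token
        login(store, "alice", True, cookie, False, t0 + THIRTY_DAYS + 1),  # expired
    ]
    store.revoke_all("alice")
    results.append(login(store, "alice", True, cookie, False, t0 + 60))  # revoked
    return results

if __name__ == "__main__":
    print(demo())
```

In this model, a shorter token lifetime and server-side revocation are the two controls that bound how long a copied token stays useful.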
It's flippin' scary… and I almost left.
I don't know how to make my comp. more secure.
+Jo Anne Thomas You will not see anyone else posting this type of stuff here, since it mainly falls on deaf ears, but I personally enjoy bringing the truth to the masses and causing discomfort that is much needed in this internet day and age.
I appreciate it +Adam Guerbuez , I don't feel so alone!! Others have had it done to them … not that I want anyone to have issues, in a selfish way, it makes me feel better.
+Jo Anne Thomas Thank you very much, you should share this post with your public and circles, spread the truth and awareness. Education is key and I just laid down plenty of it tonight.
I can share, my problem is I am not IT… I am in healthcare.
But I think someone needs to step up!! TY!!
None of this is new information.
It's true the two-step verification is not the end all be all of security… it does keep less motivated hackers at bay though. You're right when you say "if there is a will, there is a way". The only way to stay 100% secure on the internet, is to not be on the internet.
+Brett Bjornsen Y U want me to leave internet?????????
+Edouard Qayin Nobody ever said it was, this is common knowledge in many circles, just not here. But thanks for reminding us with your comment just the same.
+Jo Anne Thomas Just practice good internet hygiene. Use different passwords for every login. Clear your cookies often. You'll be fine.
I would never imply you should leave the internet +Jo Anne Thomas
If you stay vigilant and careful you can certainly mitigate the risks enough to be safe and stay online.
lol +Brett Bjornsen I was teasing you.
I know
+Adam Guerbuez I just wonder when you will be telling us how easy it is to circumvent most OS password authentication by simply connecting the hard drive to another machine. While you took my comment as being flippant, the fact is there are a million ways to access information. The same warnings keep getting circulated as something new.
+Edouard Qayin To be fair, this information is "new" to everyone at some point.
Do Google Chrome, Firefox and Opera store cookies in "private browsing"?
I also think this is a huge reason ppl won't move from FB.
I am good with computers, but healthcare is my profession. This is all new to me, and scary
+Edouard Qayin What exactly is your ending point? That I am posting information that is publicly available, using my own writing style to present said information and appeal to the majority of people who have not already been privy to such information in the past. Do we all not do that, is everything you post on the internet things that have never been done/discussed or discovered?
If I was to post about bypassing OS password locking here (as you mentioned), would that seem irrelevant to everyone? Or would it be irrelevant to +Edouard Qayin , if the latter, does the rest of Google plus's 90 million current users really care what is considered to be "old news" by one man who uses this site just like they do?
posted by TrollKing Version 2.0
+Jo Anne Thomas There will always be those people who will not move anywhere outside of Fb no matter what FB gets caught doing with their information and that of their friends. I do not see that changing.
Mmmm. Interesting. Is it easy to get access to one's verification cookie? I guess not for the common user. I kind of like 2-steps verification. Do you still recommend using it or should I read your post as this being completely useless?
Thanks for sharing.. That's great information to have.
That's right! Incognito mode is your friend!
2-step verification is actually very useful for a number of circumstances. It's a widespread myth that for someone to get your password, they have to crack it. Actually, people voluntarily give away their passwords all the time in response to phishing attempts (like those emails asking for your password and claiming your account will be shut down if you don't reply). You guys are probably too smart to fall for those, but even more people give away their passwords via other websites without even thinking about it.
Let's say you sign up for WidgetsWebsite. When you register, you have to give an email address and a password. Let's say you give your Gmail address and the same password that you use for gmail. Now, let's say WidgetsWebsite's database is insecure and gets hacked a month later. The hacker now has a list containing your Gmail address right alongside your Gmail password.
If you are immune to phishing, you have never used your Gmail password anywhere for any other website, and you have up-to-date antivirus and anti-malware that sweeps for keyloggers, maybe you don't need 2-step verification. But when it comes to your email account, the place where you might receive sensitive communications and all your contacts are stored, I think it's better to be safe than sorry!
It's important to use several passwords depending on what you are accessing.. I keep at least 3 levels of password.. One for unimportant crap, another for medium level and another for maximum security.