How anyone can easily take over your account even if you have 2-STEP Verification enabled.
I have been seeing plenty of people lately out there that have a real strange sense of security when it comes to them using this "Two Step Verification" thing offered on their Google Accounts.
It is time that the truth be told and spread: this feature will NOT prevent a hacker from getting into your account and doing as he or she pleases with it. Easy and without hassle.
The only thing that the 2-step verification is good for is the prevention of people using password cracking methods to get your login details and access your account. Everyone knows that running a password cracker can take weeks, months or more to find a good password. This is why these days hackers go after cookies instead. When you do the 2-step verification process, a verification cookie is stored in your browser along with other cookies for 30 days, and a hacker can easily get his hands on it (there are 100+ ways). So while you are logged in and did all your fancy mobile pin entering and feeling safe and secure while you surf with your head up, someone is watching you and dipping into your browser cookies, grabbing the verification cookie and thanking you on the way out. Now once he has this, your little 2-step verification nonsense is useless. The only way you can stop the hacker from getting into your account once he is armed with this cookie is the following:
You have to click on SIGN OUT in all of your Google products (Gmail, G+, etc.).
You have to go into your browser options and clear private data and delete all cookies.
You have to be sure 100% that you are logged out of ALL sessions.
Every time you do that, it will render that verification cookie useless and the hacker will not be able to easily access your account with it. Mind you, do you want to do this process every few minutes? (That's all the time the hacker needs to mess with your account, change pass, change content and cause problems in your life.)
To be totally secure, this would mean that every two minutes you need to stop what you are doing here, log out of all Google services, open your browser and delete all private data and cookies, then log back into Google and send a new pin to your mobile, then do that 2-step verification process once again, and repeat all this in another two minutes...
We all know you are not going to do that, and the person who is taking over your account knows you are not going to do that as well. That is why you need to realize, if there is a will, there is a way. If someone wants access to your account, they will get it. No 2-step verification gimmicks are going to stop them.
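The sketch below is an added example, not part of the original post and not Google's implementation. It models, on the server side, the 30-day verification cookie and the "sign out of ALL sessions" step described above, and goes one step further by binding the token to a client value so that a copied cookie presented from another client triggers the second step again. The class name, method names and the `client_binding` strings are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

THIRTY_DAYS = 30 * 24 * 3600  # cookie lifetime stated in the post


class TrustedDeviceStore:
    """Hypothetical server-side record of 'this browser passed 2-step' tokens."""

    def __init__(self):
        # sha256(token) -> (user, issued_at, sha256(client_binding))
        self._tokens = {}

    @staticmethod
    def _digest(value):
        return hashlib.sha256(value.encode()).hexdigest()

    def issue(self, user, client_binding, now=None):
        """Called after a successful second step; the return value goes in the cookie."""
        issued = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = (user, issued, self._digest(client_binding))
        return token

    def check(self, user, token, client_binding, now=None):
        """Return 'ok', or the reason the second step must be repeated."""
        now = time.time() if now is None else now
        record = self._tokens.get(self._digest(token))
        if record is None or record[0] != user:
            return "unknown-or-revoked"
        if now - record[1] > THIRTY_DAYS:
            return "expired"
        # client_binding stands in for a device-bound value (assumption).
        if not hmac.compare_digest(record[2], self._digest(client_binding)):
            return "different-client"
        return "ok"

    def revoke_all(self, user):
        """'Sign out of all sessions': forget every remembered token for the user."""
        stale = [k for k, v in self._tokens.items() if v[0] == user]
        for key in stale:
            del self._tokens[key]
        return len(stale)


if __name__ == "__main__":
    store = TrustedDeviceStore()
    cookie = store.issue("alice", "laptop-key-1")        # constructed sample values
    print(store.check("alice", cookie, "laptop-key-1"))  # same client
    print(store.check("alice", cookie, "other-client"))  # copied cookie elsewhere
    store.revoke_all("alice")
    print(store.check("alice", cookie, "laptop-key-1"))  # after sign-out everywhere
```

Without the binding check, a copied token stays valid until it expires or the user revokes it, which is the window the post describes.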
Brought to you by Adam Guerbuez