U.S. CitiesCity-Data Forum Index
Go Back   City-Data Forum > General Forums > Science and Technology > Internet
 [Register]
Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
View detailed profile (Advanced) or search
site with Google Custom Search

Search Forums  (Advanced)
 
Old 03-03-2021, 09:40 AM
 
Location: Redwood Shores, CA
964 posts, read 409,458 times
Reputation: 1007

Advertisements

I received this email in my Gmail box. I'm wondering if this is legit or is it a scam.

If I am to change password, is it safer to go to the setting button rather than clicking on that "Take action" button?

Click image for larger version

Name:	google.jpg
Views:	33
Size:	75.8 KB
ID:	227850
Rate this post positively Reply With Quote Quick reply to this message

 
Old 03-03-2021, 09:46 AM
 
Location: Sweet Home Chicago!
5,915 posts, read 4,575,008 times
Reputation: 7564
If you hover over the take action box, note the link in the bottom of your screen. However, bottom line, NEVER click on those type of links. Go directly to google.com by yourself and then login and change your password. Always a good idea to setup two factor auth too. That's where you login and then have to enter the code sent to your phone, etc. before you can access your account.
Rate this post positively Reply With Quote Quick reply to this message
 
Old 03-03-2021, 09:50 AM
 
Location: The DMV
5,037 posts, read 8,908,412 times
Reputation: 5867
It looks legit...(can only do so much with a static image)? To be safe, assume the message is legit (that your password was compromised). But don't use that email to make the change. Go into your gmail options manually and change your password.

Better safe than sorry.

A quick Google (no pun intended) shows that they are warning people about compromised passwords.
Rate this post positively Reply With Quote Quick reply to this message
 
Old 03-03-2021, 10:39 AM
 
Location: Redwood Shores, CA
964 posts, read 409,458 times
Reputation: 1007
Thank you both.

Just for my curiosity, how might Google detect "my password is online"? Do they just detect same character string? Or someone is there a name list that can link to me? Something else? I feel the world of internet is leaving me behind (but at least I'm no longer using AOL).
Rate this post positively Reply With Quote Quick reply to this message
 
Old 03-03-2021, 10:43 AM
 
1,891 posts, read 861,348 times
Reputation: 6382
Do you use Chrome to save your login/password at any sites? If so, there you go.
Rate this post positively Reply With Quote Quick reply to this message
 
Old 03-03-2021, 11:20 AM
 
Location: Sweet Home Chicago!
5,915 posts, read 4,575,008 times
Reputation: 7564
Quote:
Originally Posted by RobertFisher View Post
Thank you both.

Just for my curiosity, how might Google detect "my password is online"? Do they just detect same character string? Or someone is there a name list that can link to me? Something else? I feel the world of internet is leaving me behind (but at least I'm no longer using AOL).
There are lists floating around the Internet with compromised username/passwords. If your username has been compromised in the past and it's the same as your google username/password, they want you to change your password. They consolidate compromised username lists and scan their accounts for a match. For example, you use Johnny123@gmail.com as your username for gmail, your bank, netflix, company1, company2, etc. A breach occurred at company1 last year and a hacker grabbed the username/passwords of thousands of accounts and then put them up on a hacker forum. Now the hackers start trying to login to popular services using Johnny123@gmail.com and your compromised password. You can still use Johhny123@gmail.com going forward but you should change the password anywhere it's used.

Quote:
Originally Posted by gus2 View Post
Do you use Chrome to save your login/password at any sites? If so, there you go.
This doesn't matter, that's a local cache on your local computer.
Rate this post positively Reply With Quote Quick reply to this message
 
Old 03-03-2021, 07:45 PM
 
Location: Redwood Shores, CA
964 posts, read 409,458 times
Reputation: 1007
Quote:
Originally Posted by flamadiddle View Post
There are lists floating around the Internet with compromised username/passwords. If your username has been compromised in the past and it's the same as your google username/password, they want you to change your password. They consolidate compromised username lists and scan their accounts for a match. For example, you use Johnny123@gmail.com as your username for gmail, your bank, netflix, company1, company2, etc. A breach occurred at company1 last year and a hacker grabbed the username/passwords of thousands of accounts and then put them up on a hacker forum. Now the hackers start trying to login to popular services using Johnny123@gmail.com and your compromised password. You can still use Johhny123@gmail.com going forward but you should change the password anywhere it's used.



This doesn't matter, that's a local cache on your local computer.
These days, as you know, many sites use your email as the user ID. Therefore, what I do is I have one password for my Gmail, and then for all other sites that uses my Gmail as user ID, I have a different password for them. Is this arrangement secure?
Rate this post positively Reply With Quote Quick reply to this message
 
Old 03-04-2021, 08:40 AM
 
Location: The DMV
5,037 posts, read 8,908,412 times
Reputation: 5867
Quote:
Originally Posted by RobertFisher View Post
These days, as you know, many sites use your email as the user ID. Therefore, what I do is I have one password for my Gmail, and then for all other sites that uses my Gmail as user ID, I have a different password for them. Is this arrangement secure?
When you say a "different password" for the other sites - are those unique? They should be. So you may have 3 portals you access that uses your gmail address. But each of those sites should have a unique password. That said, you can also do it by "type". Certainly the more personal info a site stores, the more you'd want to pay attention to it.

Just a tip (and potentially off topic) - since you are using gmail. Gmail actually ignores periods. Meaning if your gmail address is robert.fisher@gmail.com. Gmail still sees it as robertfisher@gmail.com.

What you can do is just add a period in different areas on some sites to make it unique to that site. For example, you may use your email to log into your home depot account. Well, you can just make it robertfish.er@gmail.com. Any emails they send to you will still get to you. You can also potentially tell if HD is selling your info. If you start getting spam sent to robertfish.er. You pretty much know it came from HD.

Some email system (including Gmail) also allows tags. Which is denoted by a plus (+) sign.
Using the sample above, you can make your login roberfisher+hd@gmail.com. The email will still be sent to robertfisher@gmail.com. But you can use that tag to organize or filter emails. This is of course if the portal also accepts that "+" character.
Rate this post positively Reply With Quote Quick reply to this message
 
Old Yesterday, 03:27 PM
 
Location: Fountain Valley Ca.
497 posts, read 257,035 times
Reputation: 914
I get that at times. Last time I looked it said I have around 99 compromised passwords. I changed the ones that looked more current or more important, but all the rest are passwords to old sites that I haven't visited for years. It would take forever to go through and change them all so I'll continue to ignore it. For now.
Rate this post positively Reply With Quote Quick reply to this message
 
Old Today, 06:16 AM
 
Location: Idaho
3,652 posts, read 3,118,719 times
Reputation: 7628
Same here. Just got one the other day, deleted the message and then went to the internet and opened google and looked them over. Most were for websites I have forgotten about years ago.
Rate this post positively Reply With Quote Quick reply to this message
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.

Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.


Reply

Quick Reply
Message:


Over $104,000 in prizes was already given out to active posters on our forum and additional giveaways are planned!

Go Back   City-Data Forum > General Forums > Science and Technology > Internet
Similar Threads

All times are GMT -6.

© 2005-2021, Advameg, Inc. · Please obey Forum Rules · Terms of Use and Privacy Policy · Bug Bounty

City-Data.com - Contact Us - Archive 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37 - Top