Experiment: forgetting your Google account password

Jul 25 '07

I thought of an interesting conundrum the other day, involving my Google account.

Since I store a lot of valuable, personal information on my Google account, I decided to change my password.

I realized that if I ever forgot my Google password, I'd be locked out of all Google applications, such as Gmail, Google Notebook, Google Calendar, etc.

For convenience, I store my master passwords in a Google Notebook. However, that would do me no good if I forgot the very password to that notebook.

Also, if I tell Google I forgot my password, they'll send it to me via email. But remember I can't get into Gmail, so what good would that do?

Turns out Google asks you for an alternate email address, presumably something outside of the Gmail realm.

OK. This won't work either, since I currently forward all of my "custom" email addresses to my Gmail account.

I bet you're starting to see the circle here...

Even if I could access an "alternate" email address, what's to stop someone from supplying their own email address for my account?

Let's test it

I decided to test the process, in order to see for myself how it works.

Logging out of my Google accounts session, I chose: "I cannot access my account."

Screenshot of Google login page

I then picked: "I forgot my password."

Screenshot of Google account page

I put in my Gmail account username, and hit Submit.

Screenshot of Google account section

After inserting a CAPTCHA, I was presented with this message:

We've sent instructions to the secondary email address you provided during signup.

If you don't have a secondary email address, or if you no longer have access to that account, please try the "Forgot your password?" link again after five days. At that point, you'll be able to reset your password by answering the security question you provided when you created your account.

To prevent someone from trying to break into an account you're actively using, the security question is only used for account recovery after an account has been idle for five days. The Gmail team cannot waive the five day requirement or access your password under any circumstances.

If you're unable to answer your security question or access your secondary email account, we regret that the Gmail team cannot provide further assistance. If you're concerned about the security of your account, please visit our Security Center.

So you should probably make sure the secondary email address is active and accessible, outside of Gmail.
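The circle described above (a secondary address that forwards back into the locked account) can be checked mechanically. The following is an added example, not part of the original post; the addresses, the forwarding table and the function names are constructed for illustration.

```python
def resolve_mailbox(address, forwards):
    """Follow forwarding rules to the mailbox that actually stores the mail."""
    seen = []
    while address in forwards:
        if address in seen:
            raise ValueError("forwarding loop: " + " -> ".join(seen + [address]))
        seen.append(address)
        address = forwards[address]
    return address


def audit_recovery(account, secondary, forwards, hosted_by):
    """Return (ok, reason): can the reset mail be read while locked out of `account`?"""
    if secondary is None:
        return False, "no secondary address; only the security question remains"
    try:
        mailbox = resolve_mailbox(secondary, forwards)
    except ValueError as exc:
        return False, str(exc)
    # The login needed to read the mailbox; defaults to the mailbox itself.
    login = hosted_by.get(mailbox, mailbox)
    if login == account:
        return False, f"{secondary} ends up in {mailbox}, behind the locked account"
    return True, f"{secondary} ends up in {mailbox}, readable without {account}"


# Constructed sample data (hypothetical addresses, not from the post).
ACCOUNT = "me@gmail.example"
FORWARDS = {
    "me@custom.example": "me@gmail.example",   # custom domain forwarded to Gmail
    "a@loop.example": "b@loop.example",
    "b@loop.example": "a@loop.example",
}
HOSTED_BY = {"me@gmail.example": ACCOUNT, "me@isp.example": "isp-login"}

if __name__ == "__main__":
    for secondary in ("me@custom.example", "me@isp.example", "a@loop.example", None):
        ok, reason = audit_recovery(ACCOUNT, secondary, FORWARDS, HOSTED_BY)
        print("OK  " if ok else "FAIL", reason)
```

Only the secondary address that lands in a mailbox with its own login passes the audit; the forwarded custom address fails for the same reason given in the post.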

Still, this approach seems awfully insecure. The security question is the only thing between my data and a malicious person? Not a very comforting thought.

Isn't there a better way to achieve this kind of confirmation?

Related

A day after I wrote the draft to this post, I noticed this article from ZDNet, discussing secure email.

Categories: Google, Security

I have switched from Gmail to BigString. Here's some info if you're interested: BigString (http://www.bigstring.com), the new free webmail p ... Read more.

What if you forget your alternate email? That's what I did ... Read more.

matthom is published and produced by Matt Thommes - an independent publishing enthusiast, mobile blogger, content creator, informative writer, web developer from a suburb of Chicago. Never one to conform, Matt intends to promote the effect the web has on our lives, in an effort to intensify, instruct, and clarify all that is happening around us.
