Hacked Gmail Accounts - Hacked Gmail Passwords

Thanks for the heads up Ray!

 

Everyone should still have two step verification in place on all of their emails.

 

I've had two step on my Gmail account for quite a while. It's a great security feature. The only problem I've had with it which was my fault is the time I flashed my phone and forgot to turn off 2 Step on my accounts. What a PITA that was. Luckily I had backup codes in a true crypt volume that I knew the password too.

I have two step on my primary Gmail, Lastpass, Dropbox, Dreamhost, CMS Commander, and Digital Point (not sure why DP, I rarely login).

Lastpass recently started supporting Transakt which I'd never heard of. I trust Lastpass though and they put it into the fold it must be good. So, I tried it out. It's neat. Basicly on login you get a notification on your phone to accept or approve login, no copying of codes needed. Transakt still has codes for backup purposes but it's a whole lot easier just to hit accept rather than remember a 6 digit code.

 

Yes, indeed.

But it's also a reason why I like to go to an email-only service (i.e. no social type stuff [like Google+, chat, etc.]) with low cost and great customer support. I use Fastmail, Runbox and EuMX. True, the services I have right now don't have 2FA (yet). But for the time being I think they're still mostly 'under the radar.' Besides, I do have a 30+ character password for each of those accounts, so I should be okay if those passwords get stolen, no?

Anyway, I'll inform my relatives who have Yahoo accounts (since those were also hacked) about the password theft. There doesn't seem to be a publicly accessible list of exactly whose account passwords were stolen.

 

Well, there's an optional 2FA at FM, but it's more for safety away from home, i.e. if you're logging in on a public computer, you can use a one-time password with 2FA, so that if someone sees the password used they're prevented from gaining access to your account on two fronts (OTP and 2FA). But the main account can still be accessed by using the master password alone.

For any interested, see this thread (and the FM rep's response in post #6).

Edit: EQ isn't allowing my link {fixed link}