Using 2-Step Verification with GMail

2 pages

In the recount of what happened yesterday regarding my hacked Paypal account, I realized that it was my GMail that was originally compromised and used to reset my Paypal password.

After realizing that, I went and changed my Google Account password and used their 2-Step Verification process.

To those who have been asking in the comments what is and how to activate the Google 2-Step Verification feature, this video should give you the details:

I really don’t know how my GMail was compromised but it could be one of several possible ways:

I’ve lost an iPhone 3G, Nexus One and iPhone 4 in the last 12 months and it’s possible its been sold to the grey market with my GMail account still logged in.

Public terminal. I remember going to a net cafe last week to have my ID and Passport scanned and emailed. I remember shutting down the browser but could not remember if I explicitly logged out.

WiFi Sniffing. This is rare but still possible — my account could have been sniffed over free public WiFi. I even bring my SmartBro Share-It around and leave it without any password so others can use it too (I like to share my net connection). I’m now locking my WiFi.

At least 3 of my staff also have access to my GMail account so that’s a huge security hole there as well. I trust them but it’s possible they’re not very careful when they need to access my account online.

In any case, this has been a lesson for me and hopefully a reminder to everyone reading this as well. Go try the 2-step verification process so you have some peace of mind.