24 Mar 2010
Google is to notify users of suspicious activity on their Gmail accounts in an attempt to reduce spam and cyber crime.
The company will provide details on when a user's account was last accessed, along with the IP addresses used to log in to the account.
The new feature will present a log-in history sorted by IP address and location. Users will also be notified if a Gmail account is accessed from a different part of the world, and given the opportunity to change their log-in credentials from within the same window.
Google is planning to extend the feature to its Apps online productivity suite.
The search giant said that the new feature will help to prevent attackers hijacking accounts and using the names for spam activity or social engineering attacks directed towards the user's friends and family.
"While we don't have the capability to determine the specific location from which an account is accessed, a log-in appearing to come from one country and occurring a few hours after a log-in from another country may trigger an alert," wrote Google engineering director Pavni Diwanji in the Google security blog.
"Keep in mind that these notifications are meant to alert you of suspicious activity, but are not a replacement for account security best practices."
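The country-change heuristic described in the quote above can be sketched as follows. This is an added example, not Google's implementation: the four-hour window, the `Login` record, and the pre-resolved country codes (from some upstream GeoIP lookup) are assumptions, and the sample history is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class Login:
    when: datetime
    ip: str
    country: Optional[str]  # assumed: ISO code from a GeoIP lookup, None if unresolved


def flag_country_jumps(logins, window=timedelta(hours=4)):
    """Return (previous, current) pairs where the country changed within `window`."""
    alerts = []
    previous = None
    for current in sorted(logins, key=lambda e: e.when):  # tolerate unsorted input
        if current.country is None:
            continue  # unresolved location: no basis for a comparison
        if (previous is not None
                and current.country != previous.country
                and current.when - previous.when <= window):
            alerts.append((previous, current))
        previous = current
    return alerts


def describe(alerts):
    """Render each alert as a one-line summary for a log-in history view."""
    return [f"{a.country} {a.ip} -> {b.country} {b.ip} after {b.when - a.when}"
            for a, b in alerts]


# Constructed sample history (documentation IP ranges, invented timestamps).
SAMPLE = [
    Login(datetime(2010, 3, 26, 8, 0), "192.0.2.10", "GB"),
    Login(datetime(2010, 3, 24, 9, 0), "192.0.2.10", "GB"),
    Login(datetime(2010, 3, 24, 9, 40), "192.0.2.77", "GB"),
    Login(datetime(2010, 3, 24, 11, 15), "203.0.113.5", "BR"),
    Login(datetime(2010, 3, 24, 11, 30), "198.51.100.9", None),
]

if __name__ == "__main__":
    for line in describe(flag_country_jumps(SAMPLE)):
        print("ALERT:", line)
```

The return to GB two days later is not flagged because the gap exceeds the window; widening the window trades fewer missed hijacks for more alerts on ordinary travel.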
There is a flaw...
Those that have stolen the login details see the statistics and are offered a means to change the password so hijacking the account completely. A possible solution. Two passwords, a user selectable or generated one for normal use and a separate one, always Google generated and strong, that is used to purely reset the password on the main account (the password used for collecting emails). This new replacement password for accessing the email would be displayed only on the screen for writing down or printing, not sent in an email (obviously this would fall into the criminal's hands if it was). This special resetting password could be displayed on the screen at the time of account creation (I assume the hijacker isn't in the same room) telling the user to print the page or write the number down. This password would only ever be used for resetting the main password (the special page it took one to could also have buttons to suspend the account etc). You get the rough idea. It's a point of creation master password that is used with the normal login to trigger a warning to Google at the same time as resetting the password for the user so rendering the email account unusable to the criminal. Tada! Well, I'm sure the idea has flaws but it's the best I can come up with for web mail.
Posted by: David Lambert 25 Mar 2010