5 Million Gmail Passwords Leaked, Check Yours Now

[Boo Berry]

Two-factor authentication, it's worth it folks.

[Draconian Guppy]

Two-factor authentication, it's worth it folks.

My beef with two factor authorization is, if you are in a place (another country) and don't have voice or text, you are screwed ( in gmail anyway)

[Boo Berry]

My beef with two factor authorization is, if you are in a place (another country) and don't have voice or text, you are screwed ( in gmail anyway)

Google Authenticator is your friend. :)

[ichi]

My beef with two factor authorization is, if you are in a place (another country) and don't have voice or text, you are screwed ( in gmail anyway)

 

Google Authenticator doesn't need any connection to anything, and you can also print a list of one time emergency codes.

[+Warwagon MVC]

How many people here have two-factor authentication setup?

 

I have it turned on and if they even attempt to get in i'll get a text.

[Boo Berry]

I've been running two-factor authentication for a good while now. I've also just applied it to other accounts (other than Gmail) too. Works great!

[dead.cell]

Looks like one of mine was in the list. I think I'm due for a global password change up anyway.

 

Thanks for posting. (Y)

[Jason S. Global Moderator]

that "check" site doesnt work now. how else are we supposed to know if we're affected?

[Boo Berry]

Probably best to just change your password anyways.

[Pupik]

that "check" site doesnt work now. how else are we supposed to know if we're affected?

Download the file and see if any of your e-mails is on the list:

https://www.neowin.net/forum/topic/1229175-5-million-gmail-passwords-leaked-check-yours-now/?view=findpost&p=596574361

[+Warwagon MVC]

Probably best to just change your password anyways.

 

and turn on two-factor authentication.

[Boo Berry]

and turn on two-factor authentication.

Oh yes, this.

[+Audioboxer Subscriber²]

Oh balls I am on the list. I use a lastpass generated password as well :/

 

The isleaked site gave me the wrong characters for my password though, so maybe its an old one. Changed and done 2step anyway.

[Draconian Guppy]

Google Authenticator doesn't need any connection to anything, and you can also print a list of one time emergency codes.

Enter a verification code

Then, you'll be asked for a code that will be sent to your phone via text, voice call, or our mobile app.

https://www.google.com/landing/2step/#tab=how-it-works

that "check" site doesnt work now. how else are we supposed to know if we're affected?

It's getting hammered, try again.

[Boo Berry]

Guppy, read this: https://support.google.com/accounts/answer/1066447?hl=en

 

Works offline. But you have to enable authentication by app instead of SMS.

[Draconian Guppy]

Guppy, read this: https://support.google.com/accounts/answer/1066447?hl=en

 

Works offline. But you have to enable authentication by app instead of SMS.

Thanks, will give this a go!

[Guth]

mine was on it too. An old password but still, I used to use the same password for everything when it was the password they had.

 

Pretty scary. Now I use LastPass and let it randomly generate 20 character passwords with symbols etc.

 

I'm really freaked out that they had my password. Would love to know how it got on there

[Boo Berry]

Here's a helpful video for you or and anyone else thinking about enabling using two-factor authentication with the Google Authenticator phone app for Gmail/YouTube/etc.

 

[Circaflex]

I have a few questions regarding the two-factor auth.

 

 

How does this affect my android phone? each time it syncs or does anything with my account will I need to enter in a code for it to sync?

What about outlook email client on my laptop, anytime I send or receive will it have me enter a code?

[+Audioboxer Subscriber²]

I have a few questions regarding the two-factor auth.

 

 

How does this affect my android phone? each time it syncs or does anything with my account will I need to enter in a code for it to sync?

What about outlook email client on my laptop, anytime I send or receive will it have me enter a code?

 

You can save trusted devices to only need the password.

[Circaflex]

Thanks Audioboxer

[+Audioboxer Subscriber²]

I think the password they have of mine was from years back when I bought gold from a WoW site. I had my gmail accessed by china back then but managed to get it flagged right away and Blizzard to sort my WoW account.

 

The first two letters that site gives me is old. Will go through my lastpast vault now though to see if there is still any sites I use it on (won't be important sites, old forums and stuff but still).

[Circaflex]

Are you Audioboxer on xda too? haha I think you are! I see weve been in the PA thread together lol

[Radium]

I can't find anything related to me. I changed my passwords anyway. Better to be safe than sorry.

[techbeck]

Still no real info on this.  And a lot of site are not even reporting it.  Odd.