What the fuck is the point of me having 2FA enabled if someone can just use backup codes to access my email account?
Just got this email. Apparently somebody hacked into my email account even though I have 2FA enabled, and when I look under devices, it's from somebody's Pixel 2 phone. I don't own a Pixel 2 phone. So I locked this person's phone and set a new password for them with a message saying to call me if they want to recover their phone.
Other urls found in this thread:
pgcon.org
twitter.com
Passwords changed too but should I try to erase this guy's phone now?
>What the fuck is the point of me having 2FA enabled if someone can just use backup codes to access my email account?
Why did you set up backup codes if you didn't want to be able to access your account with backup codes?
>random guy needs to recover his account
>accidentally enters the wrong code
>now his phone is bricked
op confirmed bully
I didn't think I did. I thought Google put those in as a backup automatically.
I made a recovery message flash on his screen saying to call me and leaving my phone number if he wants his phone back. Most likely nothing will happen because of this or he just doesn't speak English and will be pissed.
That's not how recovery codes work.
Backup Codes are forced on you if you enable 2FA
If you saved that raw text file of backup codes no shit someone's gonna dig through your files and get into your account
If you're telling me someone bruteforced your account attempting every possible code combination then they already had your password in the first place and you should have checked your emailed sign in attempts
I didn't save a raw text file of that. If I did, it must have been years ago because I sure don't know where it is. I don't think I ever did that though. Password changed now though and I'll reset the 2fa too.
The real question should be how somebody got access to your backup codes. They can't get into your account to make backup codes without having them or your authenticator in the first place, as far as I know. If you made the backup codes yourself, maybe they got access to whatever place you were storing them in.
Google System Architecture Is Super Fucked Up, Bloated Everywhere, Lets Move to Another Russian Products and Search Engine Guys, More Better
a real chad would inform the police and claim that that pixel 2 is your's and that why it is locked.
based && redpilled
How the fuck do people actually get hacked?
Ive used the internet like a literal child the past 10 years and no such thing has ever happened to me
> implying that's not the case for another Russian product
Yandex moved its mail from Oracle in 2016 (!)
pgcon.org
There are still parts functioning on that boomer RDBMS.
So you're giving a hacker your phone number, which he can now spoof to get 2FA messages for all your other accounts?
Please tell me you got his location first?
Or, at least, wiped his phone. Then just deal with google.
Using the same password on multiple accounts
> site db leaked
> run script to find users who use same password
> works on you
> pwnd
I once had Russians steal info to my Facebook, Google, Yahoo email, etc years ago. Luckily it was odd and only Yahoo was stolen. It was right after I dumped a Russian native ex of mine and kicked her out, I'm convinced she was responsible.
That or all the mass torrenting from sketchy pyccкий websites she did on her laptop while on my wifi.
I wonder how often people who use pre/postfixes or a general password pattern get pwned this way. Not that I'm one of those people, mind you, not at all...
99% of the time you get hacked because let's say Dropbox gets their hashes and salts leaked and then you run it against your dictionary to try and match the hashes. If you get any hits it'll show you the password then you can go from there
It's even easier If a database of emails get leaked from popular websites because then you can just search the file for known hacked email addresses and just run the known passwords associated with the email to see if it works
This is why you always use a different password and change them every 6 or so months. I've had an old email hacked like this when I was young and it got me interested In cyber security ever since. I think EA or something had a database leaked
google is retarded