ISF Logo   IS Forum
Forum Index Register Members List Events Mark Forums Read Help

Go Back   International Skeptics Forum » General Topics » Computers and the Internet
 


Welcome to the International Skeptics Forum, where we discuss skepticism, critical thinking, the paranormal and science in a friendly but lively way. You are currently viewing the forum as a guest, which means you are missing out on discussing matters that are of interest to you. Please consider registering so you can gain full use of the forum features and interact with other Members. Registration is simple, fast and free! Click here to register today.
Reply
Old 8th February 2018, 04:52 PM   #1
Foolmewunz
Grammar Resistance Leader
TLA Dictator
 
Foolmewunz's Avatar
 
Join Date: Aug 2006
Location: Pattaya, Thailand
Posts: 37,880
Google just blocked a "less secure app"....

I got this here message advising me that a "less secure app" tried to log-in on my Gmail account.

Is this legit? They want me to change my password.

What's a "less secure" app, and if they blocked it, doesn't that mean I don't have to worry about it? Or is this the harbinger of bad things to come and a bunch of guys with peglegs, eyepatches and parrot **** on their shoulders are now sitting around a cafe in Rio trading my information.

Thing is,... they don't identify the app. They don't say "Do you want XYZ Shmeckenfurger Software to have access?" They ask if I want to just go ahead and allow "Less Secure Apps".

I would think that Gmail addresses are pretty visible and it's likely to be a brute force attempt. OTOH.... are they saying that the less secure app already has my password and they blocked it simply because it's a less secure app?
__________________
Ha! Foolmewunz has just been added to the list of people who aren't complete idiots. Hokulele

It's not that liberals have become less tolerant. It's that conservatives have become more intolerable.

Last edited by Foolmewunz; 8th February 2018 at 04:56 PM.
Foolmewunz is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 8th February 2018, 05:14 PM   #2
bytewizard
Graduate Poster
 
bytewizard's Avatar
 
Join Date: Jan 2016
Location: In the woods
Posts: 1,820
Originally Posted by Foolmewunz View Post
I got this here message advising me that a "less secure app" tried to log-in on my Gmail account.

Is this legit? They want me to change my password.

What's a "less secure" app, and if they blocked it, doesn't that mean I don't have to worry about it? Or is this the harbinger of bad things to come and a bunch of guys with peglegs, eyepatches and parrot **** on their shoulders are now sitting around a cafe in Rio trading my information.

Thing is,... they don't identify the app. They don't say "Do you want XYZ Shmeckenfurger Software to have access?" They ask if I want to just go ahead and allow "Less Secure Apps".

I would think that Gmail addresses are pretty visible and it's likely to be a brute force attempt. OTOH.... are they saying that the less secure app already has my password and they blocked it simply because it's a less secure app?
Gmail considers regular email programs and backup programs to be "less secure," so in order for them to get access into your account, your "Allow less secure apps" option must be turned on.

Such programs are probably "less secure" because they only use your email address and password to get into your account, compared to other methods (like a web browser) where Gmail can employ additional security.

Here's how to find this Gmail security option:
•Open your web browser, e.g., Internet Explorer, Safari, Mozilla Firefox, Google Chrome, Opera, etc.
•Go to the www.gmail.com web site.
•Sign into your account.
•At the top right, click the colorful circle containing a capital letter (usually the first letter of your first name).
•In the menu that appears, click "My Account."
•A new browser tab or window will open.
•Under "Sign-in & security" click "Apps with account access."
•Scroll down and look at the "Allow less secure apps" option on the right.
If that option is "OFF," then your regular email program or backup program will probably not be able to access your Gmail account, even if the password and server settings you've entered are correct.

You will need to click the "circle/slider" at the far right to turn this option ON. This change takes effect immediately, and it will probably also generate a "Security alert for your linked Google account" email to you, notifying you that "Access for less secure apps has been turned on," just in case someone else (like a hacker) did this without your permission. (Gmail apparently doesn't notify you when this option gets turned OFF.)

You can now go back to your email or backup program, and you'll probably find that it can access your Gmail account with no errors.
bytewizard is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 8th February 2018, 05:40 PM   #3
Foolmewunz
Grammar Resistance Leader
TLA Dictator
 
Foolmewunz's Avatar
 
Join Date: Aug 2006
Location: Pattaya, Thailand
Posts: 37,880
Ah, okay. But I have no idea what app might be trying to access the info... something at about 5pm in Sao Paulo, they say. (I assume, though, that one or another program probably links to it. My GMail is via my Google, anyway.)

Is there anything to be lost if I just leave it off? I can't think of an app that I actually WANT to be able to access or link to my GMail. I'd think I'll just get more annoying emails reminding me of crap I don't care about (I get enough of those from Linked In already).
__________________
Ha! Foolmewunz has just been added to the list of people who aren't complete idiots. Hokulele

It's not that liberals have become less tolerant. It's that conservatives have become more intolerable.
Foolmewunz is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 8th February 2018, 05:43 PM   #4
Skeptic Ginger
Nasty Woman
 
Skeptic Ginger's Avatar
 
Join Date: Feb 2005
Posts: 66,810
Originally Posted by Foolmewunz View Post
Ah, okay. But I have no idea what app might be trying to access the info... something at about 5pm in Sao Paulo, they say. (I assume, though, that one or another program probably links to it. My GMail is via my Google, anyway.)

Is there anything to be lost if I just leave it off? I can't think of an app that I actually WANT to be able to access or link to my GMail. I'd think I'll just get more annoying emails reminding me of crap I don't care about (I get enough of those from Linked In already).
Why do they want you to change your password? Sounds phishy, as in, are you sure the email is from Google?

I know you would know this, and ByteWizard is clearly more knowledgable than I, but I had to say it.

I mean, if someone has your G-mail password, wouldn't you want to go directly to the Google page and change it regardless of said message?
__________________
"Why do people say 'grow some balls'? Balls are weak and sensitive! If you really want to get tough, grow a vagina! Those things take a pounding!" — Betty White

Last edited by Skeptic Ginger; 8th February 2018 at 05:46 PM.
Skeptic Ginger is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 8th February 2018, 08:32 PM   #5
Foolmewunz
Grammar Resistance Leader
TLA Dictator
 
Foolmewunz's Avatar
 
Join Date: Aug 2006
Location: Pattaya, Thailand
Posts: 37,880
Originally Posted by Skeptic Ginger View Post
Why do they want you to change your password? Sounds phishy, as in, are you sure the email is from Google?

I know you would know this, and ByteWizard is clearly more knowledgable than I, but I had to say it.

I mean, if someone has your G-mail password, wouldn't you want to go directly to the Google page and change it regardless of said message?
Well, they don't actually initially invite you to change your password. You click to view your security settings and the first item on there says, "You've notified us that something doesn't look right, so let's change your password....." or something like that.

I didn't notify them. They notified me. And I go through the whole page without changing my password and Gmail has full access, my Boomerang calendar has some access, and Adobe has even more limited access, and THAT IS ALL.

I'm content with this. Let them continue blocking whomever that was. There are all sorts of apps that say they want access and I don't grant it. If one of them (Steam? XBox Games?) tried to get into my Google details, I'm glad they were blocked.


All my passwords are related. I have a document somewhere that says something like:

Google - Plus 1
BKKBK - Plus 17
Laz - Minus 106
EspFr - / 2
LogTra - *4

etc... those aren't the real formulae, just examples. I have one that says "square" and I square the number in the middle of the password.

All of those are based on an 8 character (UC, LC, symbols) base password that is no where to be found because it is in my head. In the middle of it are some numbers and I perform the mathematical functions on a certain amount of those numbers. What had happened is I had clever passwords for a dozen different sites and often had to guess forty times as to which cleverness I'd used that day when I signed up at whatever.com,.... and there's no way I want Google or any app saving a list for me. That just seems stupid.
__________________
Ha! Foolmewunz has just been added to the list of people who aren't complete idiots. Hokulele

It's not that liberals have become less tolerant. It's that conservatives have become more intolerable.

Last edited by Foolmewunz; 8th February 2018 at 08:34 PM.
Foolmewunz is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 8th February 2018, 11:00 PM   #6
xterra
So far, so good...
 
xterra's Avatar
 
Join Date: Apr 2012
Location: On the outskirts of Nowhere; the middle was too crowded
Posts: 2,873
FMW, take a look at KeePass, a free password manager program. I have been using it for at least 8 years. https://keepass.info/

I like it because it doesn't keep its information "in the cloud," but only on my computer. It also can generate passwords, and it can even recognize websites and automatically type username and password -- when I tell it to.

Another nice feature is that for websites that want you to answer security questions, you can list the question and answer in the KeePass entry, so if the question is "what's your mother's maiden name," I can use "Foolmewunz" as an answer, and if I need to find that answer I can.

At the moment, my database file has about 215 username/password entries in it.

This isn't the only piece of software that you could use for the purpose; there are others.
__________________
Over we go....
xterra is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 9th February 2018, 06:42 AM   #7
Foolmewunz
Grammar Resistance Leader
TLA Dictator
 
Foolmewunz's Avatar
 
Join Date: Aug 2006
Location: Pattaya, Thailand
Posts: 37,880
Originally Posted by xterra View Post
FMW, take a look at KeePass, a free password manager program. I have been using it for at least 8 years. https://keepass.info/

I like it because it doesn't keep its information "in the cloud," but only on my computer. It also can generate passwords, and it can even recognize websites and automatically type username and password -- when I tell it to.

Another nice feature is that for websites that want you to answer security questions, you can list the question and answer in the KeePass entry, so if the question is "what's your mother's maiden name," I can use "Foolmewunz" as an answer, and if I need to find that answer I can.

At the moment, my database file has about 215 username/password entries in it.

This isn't the only piece of software that you could use for the purpose; there are others.
Thanks. I may have to. They just policed another attempt, but their notifications, frankly, suck. They don't tell you what App it is, just the location the attempt came from. Surely Google knows about the world-wide-web and that the location means nothing. First one was from Sao Paulo, the most recent one was from Hanoi.

The only thing I added recently was an Adobe "read only" and it's not shown on my approved list. I saw .pdf before and didn't realize it's "Lumin", there own app. I posted something over on one of their help forums; I'll see if they respond with anything sensible.

It just seems to me that if they are successfully blocking "less secure apps" that I haven't approved of anyway, their email is tantamount to "Hi there, our product is doing its job; just thought you should know."
__________________
Ha! Foolmewunz has just been added to the list of people who aren't complete idiots. Hokulele

It's not that liberals have become less tolerant. It's that conservatives have become more intolerable.
Foolmewunz is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 9th February 2018, 06:54 AM   #8
paulhutch
Master Poster
 
Join Date: Mar 2010
Location: Blackstone River Valley, MA
Posts: 2,140
Originally Posted by Foolmewunz View Post
Thanks. I may have to. They just policed another attempt, but their notifications, frankly, suck. They don't tell you what App it is, just the location the attempt came from. Surely Google knows about the world-wide-web and that the location means nothing. First one was from Sao Paulo, the most recent one was from Hanoi.

The only thing I added recently was an Adobe "read only" and it's not shown on my approved list. I saw .pdf before and didn't realize it's "Lumin", there own app. I posted something over on one of their help forums; I'll see if they respond with anything sensible.

It just seems to me that if they are successfully blocking "less secure apps" that I haven't approved of anyway, their email is tantamount to "Hi there, our product is doing its job; just thought you should know."
That's is correct, they are notifying you just in case it is a bad guy intentionally trying to attack you specifically in which case a password change would be prudent.

FYI -Lumin PDF is not a Google app, it is distributed from the Chrome store and it works with Google drive but it is not a Google product, it's from Nitrolabs Limited. Also the reason they can't give a better error message is because the attempts to login are not providing more information, one of the things that makes that type of login less secure.
paulhutch is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 12th February 2018, 11:43 PM   #9
Molinaro
Illuminator
 
Molinaro's Avatar
 
Join Date: Dec 2005
Posts: 4,123
Originally Posted by Foolmewunz View Post
Ah, okay. But I have no idea what app might be trying to access the info... something at about 5pm in Sao Paulo, they say. (I assume, though, that one or another program probably links to it. My GMail is via my Google, anyway.)

Is there anything to be lost if I just leave it off? I can't think of an app that I actually WANT to be able to access or link to my GMail. I'd think I'll just get more annoying emails reminding me of crap I don't care about (I get enough of those from Linked In already).
I got that warning when I tried to login to my gmail account from a tablet using the default "inbox" app on the tablet.

It is an innocuous warning if you know it was you trying to login from a different device.
__________________
100% Cannuck!
Molinaro is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 12th February 2018, 11:45 PM   #10
Molinaro
Illuminator
 
Molinaro's Avatar
 
Join Date: Dec 2005
Posts: 4,123
Originally Posted by Foolmewunz View Post
Well, they don't actually initially invite you to change your password. You click to view your security settings and the first item on there says, "You've notified us that something doesn't look right, so let's change your password....." or something like that.

I didn't notify them. They notified me. And I go through the whole page without changing my password and Gmail has full access, my Boomerang calendar has some access, and Adobe has even more limited access, and THAT IS ALL.

I'm content with this. Let them continue blocking whomever that was. There are all sorts of apps that say they want access and I don't grant it. If one of them (Steam? XBox Games?) tried to get into my Google details, I'm glad they were blocked.


All my passwords are related. I have a document somewhere that says something like:

Google - Plus 1
BKKBK - Plus 17
Laz - Minus 106
EspFr - / 2
LogTra - *4

etc... those aren't the real formulae, just examples. I have one that says "square" and I square the number in the middle of the password.

All of those are based on an 8 character (UC, LC, symbols) base password that is no where to be found because it is in my head. In the middle of it are some numbers and I perform the mathematical functions on a certain amount of those numbers. What had happened is I had clever passwords for a dozen different sites and often had to guess forty times as to which cleverness I'd used that day when I signed up at whatever.com,.... and there's no way I want Google or any app saving a list for me. That just seems stupid.
I use the same password everywhere: INCORRECT

When I get it wrong the login program tells me, "The password is incorrect."

__________________
100% Cannuck!
Molinaro is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 13th February 2018, 08:30 AM   #11
xterra
So far, so good...
 
xterra's Avatar
 
Join Date: Apr 2012
Location: On the outskirts of Nowhere; the middle was too crowded
Posts: 2,873
Unless it tells you that "The password is wrong."
__________________
Over we go....
xterra is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 13th February 2018, 05:14 PM   #12
GodMark2
Master Poster
 
GodMark2's Avatar
 
Join Date: Oct 2005
Location: Oregon, USA
Posts: 2,033
Originally Posted by xterra View Post
Unless it tells you that "The password is wrong."
That's because your password is different from Molinaro's

Mine just says "Invalid username/password combination."

Should I upgrade to one of these fancier versions that help me out when I'm having a senior moment?
__________________
Knowing that we do not know, it does not necessarily follow that we can not know.
GodMark2 is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Reply

International Skeptics Forum » General Topics » Computers and the Internet

Bookmarks

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -7. The time now is 11:22 PM.
Powered by vBulletin. Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
© 2014, TribeTech AB. All Rights Reserved.
This forum began as part of the James Randi Education Foundation (JREF). However, the forum now exists as
an independent entity with no affiliation with or endorsement by the JREF, including the section in reference to "JREF" topics.

Disclaimer: Messages posted in the Forum are solely the opinion of their authors.