It is currently March 28th, 2024, 12:07 pm

Safety of login credentials?

Get help with creating, editing & fixing problems with skins
ttg trickshotzz
Posts: 13
Joined: September 29th, 2013, 9:40 pm

Safety of login credentials?

Post by ttg trickshotzz »

Hi,
Ive been using a gmail skin for years now with no problem but recently i got an email from Google saying that my account is compromised and a login attempt was blocked from Vietnam. I promptly changed my password and scanned for viruses, none were detected. I then formatted my SSD and reinstalled a fresh Windows. 1 week later same thing, different login location.
I understand that while my gmail credentials are stored as plain text, they are encrypted and logged in via HTTPS so decrypting them externally would be difficult.
This leads to believe that maybe there was an undetected sniffer/keylogger that caught my new password before i formatted?
Or are there any other vulnerabilities to the skin im not thinking of?
Im lost without the skin to be honest.
Thanks
User avatar
jsmorley
Developer
Posts: 22628
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: Safety of login credentials?

Post by jsmorley »

ttg trickshotzz wrote:Hi,
Ive been using a gmail skin for years now with no problem but recently i got an email from Google saying that my account is compromised and a login attempt was blocked from Vietnam. I promptly changed my password and scanned for viruses, none were detected. I then formatted my SSD and reinstalled a fresh Windows. 1 week later same thing, different login location.
I understand that while my gmail credentials are stored as plain text, they are encrypted and logged in via HTTPS so decrypting them externally would be difficult.
This leads to believe that maybe there was an undetected sniffer/keylogger that caught my new password before i formatted?
Or are there any other vulnerabilities to the skin im not thinking of?
Im lost without the skin to be honest.
Thanks
I think that given that your access to gmail via the skin is with HTTPS and so is encrypted end-to-end, any external vulnerabilities would be unlikely. The biggest risk is the physical PC, which is going to have your email id and password in the .ini or a .inc file in unencrypted text. Assuming your PC is not open to public access, and you don't have any family or friends that are Vietnamese agents. This should be ok.

I suspect you have something else going on, as you say, some keylogger or other malware on your PC or any of the other devices that you access your Google account from (phone, tablet, etc) perhaps. Remember that you don't have a gmail account, you have a Google account. Since you have formatted and re-installed Windows now, I would go to Google and change everything about your account. The password, security questions, alternate email address, all that. Then you might want to set up two-factor authentication, which is added protection.

There is nothing particularly insecure about how you are using gmail with a skin, with the glaring exception of the physical access to the PC mentioned above. If you are not sure your PC is is a safe environment, where your login credentials to Windows are enough to keep casual eyes from trolling around in your files, I wouldn't use a gmail skin. If you are, then I would think it is fine.
ttg trickshotzz
Posts: 13
Joined: September 29th, 2013, 9:40 pm

Re: Safety of login credentials?

Post by ttg trickshotzz »

It is just me that has access to the PC so ill try using it again and hope the Vietnamese agents have moved on to bigger fish :lol:
Thank you very much sir, very helpful as always!
ttg trickshotzz
Posts: 13
Joined: September 29th, 2013, 9:40 pm

Re: Safety of login credentials?

Post by ttg trickshotzz »

Okay so i literally just loaded up the skin and hey presto "Blocked Sign-in" email from google
ttg trickshotzz
Posts: 13
Joined: September 29th, 2013, 9:40 pm

Re: Safety of login credentials?

Post by ttg trickshotzz »

*image removed*
Last edited by ttg trickshotzz on June 25th, 2017, 2:16 am, edited 2 times in total.
User avatar
jsmorley
Developer
Posts: 22628
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: Safety of login credentials?

Post by jsmorley »

ttg trickshotzz
Posts: 13
Joined: September 29th, 2013, 9:40 pm

Re: Safety of login credentials?

Post by ttg trickshotzz »

Yes but with Allow secure apps turned off, the skin doesnt work. I am curious to know why others can still access it without this issue?
User avatar
jsmorley
Developer
Posts: 22628
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: Safety of login credentials?

Post by jsmorley »

ttg trickshotzz wrote:Yes but with Allow secure apps turned off, the skin doesnt work. I am curious to know why others can still access it without this issue?
Not really sure. I have always had "allow access to less secure apps" turned "on" with my account, I don't think a Rainmeter gmail skin will ever work with that turned off.
ttg trickshotzz
Posts: 13
Joined: September 29th, 2013, 9:40 pm

Re: Safety of login credentials?

Post by ttg trickshotzz »

Ah yes, sorry that was a typo, i meant 'on' :P (updated above). It was always turned on by default for me so why its affecting me now is quite odd alright. Surely though this means it was unlikely to be malware in the first place? That email literally popped up not 2 seconds after loading the skin
User avatar
jsmorley
Developer
Posts: 22628
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: Safety of login credentials?

Post by jsmorley »

If you have two-factor authentication turned on, you will need to do this:

https://support.google.com/accounts/answer/185833?hl=en
Post Reply