Did someone notice that Gmail retains Last Password Changed History?


hemant mittal

Jul 10, 2013, 9:56:56 AM
to null-...@googlegroups.com
Hello Folks,

Did someone notice that Gmail retains the last password history? Try your last password at the Gmail login:

"It will show the last password change history". I personally feel this is not correct in terms of security. If an intruder comes to know the last password, then by using some more word and letter combinations it is easier for the intruder to find the new password.

Thanks & Regards,
Hemant Mittal

webDEViL

Jul 10, 2013, 12:21:52 PM
to null-...@googlegroups.com
Although I haven't checked.
But I feel the whole point of keeping the previous password is you don't keep a similar password. They are trying to avoid you changing a few digits at the end or so.
And password reuse is a big no-no as well. So, I don't see a problem there.


--
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
---
You received this message because you are subscribed to the Google Groups "null" group.
To unsubscribe from this group and stop receiving emails from it, send an email to null-co-in+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--
Regards,
webDEViL

E Hacking News

Jul 10, 2013, 12:21:12 PM
to null-...@googlegroups.com
How can an intruder get your old password from Gmail?!

On 7/10/13, hemant mittal <heman...@gmail.com> wrote:
> Hello Folks,
>
> Did someone notice that Gmail retains the last password history? Try
> your last password at the Gmail login:
>
> "It will show the *last password change history*". I personally feel this
> is not correct in terms of security. If an intruder comes to know the
> last password, then by using some more word and letter combinations it
> is easier for the intruder to find the new password.
>
> Thanks & Regards,
> Hemant Mittal


--

Sabari Selvan, founder of E Hacking News
http://www.ehackingnews.com
Twitter : @EHackerNews
Facebook : fb.me/EHackerNews

hemant mittal

Jul 10, 2013, 12:48:56 PM
to null-...@googlegroups.com
webDEViL: If I am not wrong, a Gmail or Google account doesn't have any such password complexity benchmark. You can use a similar kind of password. It will work. I usually use my password in such a manner, especially in my Google account, by changing a few digits and letters. It always works.

#1. It seems this will be a good advantage for the intruder if he is able to track the last changed password.
#2. Also, if I come to know when the password was changed, for example "Password changed 4 months ago", this is enough for me to know the user has not changed his/her password for the past 4 months.


@Sabari,
Main ways to know a password :)
#1. Password sharing: occurrence very high, in the case of social networks.
#2. Brute force + dictionary: occurrence is medium. By using combinations, if I get the message ("Password changed"), this is enough for me to track the new password by using some more combinations.
#3. Guess: occurrence is low.

Thanks & Regards,
Hemant Mittal


E Hacking News

Jul 10, 2013, 1:49:49 PM
to null-...@googlegroups.com
If you are able to bruteforce the old passwords, then why can't you
bruteforce the current password? If he already knows the passwords
through other methods, how can he abuse the password history?

hemant mittal

Jul 10, 2013, 11:26:36 PM
to null-...@googlegroups.com
Yes, that's correct, but can you determine the possibility of knowing the current password in a direct hit-n-trial?

"Abusing password history" is the wrong sentence and gives the wrong meaning. It is relevant and required at the time of setting a new password, but not during login authentication, in my understanding.

Most of us are always rephrasing and reusing old passwords for our current password. Isn't it easier for the intruder?


 
Thanks & Regards,
Hemant Mittal
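
The design argued for in the post above (history consulted when a new password is set, not at login) can be sketched as follows. This is an added example, not part of the thread and not a description of Google's implementation; the `Account` class, `HISTORY_DEPTH` and `PBKDF2_ROUNDS` are hypothetical names and values chosen for illustration.

```python
import hashlib
import hmac
import os

HISTORY_DEPTH = 5          # assumed policy: remember the last 5 passwords
PBKDF2_ROUNDS = 100_000    # assumed work factor for this example


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class Account:
    """Hypothetical account record: current verifier first, older ones after."""

    def __init__(self, password: str):
        self.history = []              # list of (salt, digest), newest first
        self._store(password)

    def _store(self, password: str) -> None:
        salt = os.urandom(16)
        self.history.insert(0, (salt, _hash(password, salt)))
        del self.history[HISTORY_DEPTH:]   # forget entries beyond the policy

    def _matches(self, password: str, entry) -> bool:
        salt, digest = entry
        return hmac.compare_digest(_hash(password, salt), digest)

    def login(self, password: str) -> str:
        # Only the current verifier is consulted. An old password gets the
        # same answer as any other wrong password, so neither the history
        # nor the time of the last change is disclosed before authentication.
        if self._matches(password, self.history[0]):
            return "ok"
        return "invalid credentials"

    def change_password(self, old: str, new: str) -> str:
        if not self._matches(old, self.history[0]):
            return "invalid credentials"
        # History is consulted here, after the caller has authenticated.
        if any(self._matches(new, entry) for entry in self.history):
            return "rejected: password was used before"
        self._store(new)
        return "changed"
```

Because only salted hashes are kept, this history check catches exact reuse only; a near-variant of an old password (a few digits changed) is still accepted.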


Mrigesh

Jul 11, 2013, 6:39:34 PM
to null-...@googlegroups.com
In the case of Google passwords, I think it's more a case of insurance (looks like you can use variants of old passwords as new passwords)...
In case someone else manages to change my Gmail password, there needs to be another way for me (the original owner) to not lose access to my Google account... If the current password is the only allowed authenticator/identifier, it means you own your account only so long as you own the password, which is too much reliance on a single factor of identity...