On the Gmail Hack: You Do Not Want This to Happen to You

This morning in the email inbox are messages from five new people using Gmail on the "Help! I ,have been mugged at GUN POINT! ,in Spain , please wire me your Moneys now" theme I mentioned earlier. All quite amusing. But I make these points as earnestly as I can:

1) This does not have to happen to you. You can reduce virtually to zero the risk of your Gmail being taken over by applying the free, sophisticated two-step verification process that Google has (admirably) been rolling out in the past few months. I'll spare the details now; the how-to is at their site. The conceptual point is, if you apply this system no one can get into your account remotely.* Not from Tianjin, Lagos, Leningrad, or Los Angeles. That is a huge difference in security, and you can apply it with minimal (though not zero**) bother.

2) You definitely DO NOT WANT this to happen to you. If your account is taken over, is there any risk worse than being the source of semi-literate appeals for emergency cash?

Yes. The risk you expose yourself to is the potentially unrecoverable loss of all your cloud-based data. Someone in control of your account could mark the entirety of its contents for "permanent deletion." (It's easy: you send all messages to Trash; then you press "Empty Trash Now." Poof, it's gone.) As Google explains on its official Gmail support site, if this happens, then in principle the data cannot be retrieved. Think about that and its ramifications for a moment. I don't know whether that has happened to the five people I received emails from this morning. But I know of at least four people it has happened to in the past week.

3) There are other ways you can back up your data. As that same official Gmail posting says, you can make local copies, on your own computer's hard drive. You do this using POP or IMAP protocols, to make copies to an email client like Outlook, Apple Mail, Thunderbird, whatever. You can follow the how-to instructions from the Gmail site. I've done this for years, just because of paranoia left over from the dawn-of-computing era. You're never sorry to have another copy of something you don't want to lose.
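For readers who prefer a script to a mail client, here is one way to make the local IMAP copy described above. It is an added example, not from Google's instructions; it assumes IMAP is enabled in Gmail settings, that an application-specific password is used when two-step verification is on, and that the account uses the English folder name "[Gmail]/All Mail". The function names and the file name gmail-backup.mbox are made up for illustration.

```python
import email
import getpass
import imaplib
import mailbox

# Constructed sample messages (not real mail), for trying append_new offline.
SAMPLE = [
    b"From: a@example.com\r\nMessage-ID: <1@example.com>\r\nSubject: one\r\n\r\nbody one\r\n",
    b"From: b@example.com\r\nMessage-ID: <2@example.com>\r\nSubject: two\r\n\r\nbody two\r\n",
]

def append_new(mbox_path, raw_messages):
    """Append raw RFC 822 messages to a local mbox file and return how many
    were added. Messages whose Message-ID is already stored are skipped, so
    the backup can be re-run; messages with no Message-ID are always added."""
    box = mailbox.mbox(mbox_path)  # created if it does not exist
    try:
        seen = {m["Message-ID"] for m in box if m["Message-ID"]}
        added = 0
        for raw in raw_messages:
            msg = email.message_from_bytes(raw)
            mid = msg["Message-ID"]
            if mid and mid in seen:
                continue
            box.add(msg)
            if mid:
                seen.add(mid)
            added += 1
        return added
    finally:
        box.close()  # flushes pending writes to disk

def fetch_all(user, app_password, folder='"[Gmail]/All Mail"'):
    """Yield every message in the folder as raw bytes. The folder is opened
    read-only, so the backup changes nothing on the server (no read flags)."""
    with imaplib.IMAP4_SSL("imap.gmail.com", 993) as conn:
        conn.login(user, app_password)
        conn.select(folder, readonly=True)
        _, data = conn.search(None, "ALL")
        for num in data[0].split():
            _, parts = conn.fetch(num, "(RFC822)")
            yield parts[0][1]

if __name__ == "__main__":
    user = input("Gmail address: ")
    secret = getpass.getpass("Application-specific password: ")
    count = append_new("gmail-backup.mbox", fetch_all(user, secret))
    print(f"{count} new messages saved to gmail-backup.mbox")
```

The resulting mbox file opens in Thunderbird and most other mail clients, and it stays on your disk even if the account's contents are deleted.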

Bonus reading: a series of wonderful posts on the Gordon's Tech site, from someone who now uses the two-step system and whose Gmail account was hacked last year, gives you all the detail I'm skipping about security measures that make sense and don't. For instance: his experience in applying the two-step system; how to think about passwords if you apply this system (summary: you can go back to an easy, "weak" password, since it's no longer the main defense) and related password thoughts; and lessons of being hacked.

A friend wrote last night to say: this two-step stuff seems like a bother. Is it worth it? Consider point #2 above, and answer the question for yourself.

* The conceptual point is: without the two-step process, anyone who guesses or cracks your password can get into your account, from any computer anywhere in the world. With the two-step process, a hacker would need your password and also physical control of your own normal computer, on which you had previously entered the code, or your own mobile phone that receives new authorization codes. It could still happen, after a theft or break-in. But no one sitting in an internet cafe overseas could get into your files.

** UPDATE: The one part of the process that is cumbersome is entering "Application-specific passwords" for certain devices or applications other than your normal email site. In my case, I had to enter this different code, once only, to get Gmail on my Android phone, my iPad, my Thunderbird and CloudMagic programs that log into Gmail, and some others. Prepare for this one hassle, which the Gordon's Tech site covers, plus official instructions from Google. Here is another entreaty from PCWorld about why the hassle is worthwhile.

Also, see The Guardian on whether these attacks are ripple effects of the mammoth Gawker hack last December, which revealed user names, email addresses, and passwords for more than a million people.

James Fallows is a national correspondent for The Atlantic and has written for the magazine since the late 1970s. He has reported extensively from outside the United States and once worked as President Carter's chief speechwriter. His latest book is China Airborne.
