eddie1261 Posted October 15, 2017 Report Share Posted October 15, 2017 3 hours ago, Dutch_12078 said: Passwords are not "stored as asterisks", rather they are simply displayed as asterisks. The login database typically stores an encrypted version of the actual password, although in many years of systems administration/analysis and penetration testing, I've seen plenty that store them as plain text as well. Okay. It is masked with asterisks. The initial topic was people being emailed allegedly by google saying their password has been stolen. Not gonna happen. Link to comment Share on other sites More sharing options...
Dutch_12078 Posted October 15, 2017 Report Share Posted October 15, 2017 Agreed... And the asterisks or bullets are often easily unmasked with freely available software. Dutch 2001 GBM Landau 34' Class A F-53 Chassis, Triton V10, TST TPMS 2011 Toyota RAV4 4WD/Remco pump ReadyBrute Elite tow bar/brake system Link to comment Share on other sites More sharing options...
Al F Posted October 15, 2017 Report Share Posted October 15, 2017 12 hours ago, Chalkie said: I am a long time Gmail user, in fact I have had a gmail account since they first became available. I have accessed the account through Outlook (when I was working) or just the Gmail web app or android app on my cell. I have never seen a message that says my password was stolen no matter what city, state, or for that matter, country, I have been in. I do use 2-step login procedures, and would highly encourage everyone to do the same. Once a device is logged in I have the option to tell Google to never ask on that device again. So even if I have to log in again, Google has a record of the device (I believe this to be a combo of MAC address and OS serial) and therefore I do not have to go through the 2-step process again. I have to ask the OP, how often do you run anti-malware software? It certainly sounds like you might possibly have some malware in play. Again, this is an issue with "Thunderbird" and Gmail, I believe. If you don't use Thunderbird you probably won't see the issue. Al & Sharon 2006 Winnebago Journey 36G 2020 Chevy Colorado Toad San Antonio, TX http://downtheroadaroundthebend.blogspot.com/ Link to comment Share on other sites More sharing options...
Al F Posted October 15, 2017 Report Share Posted October 15, 2017 Although I have read some details about why Gmail considers Thunderbird a less than secure application, I don't remember the details. I believe most of the issues stem from the fact we have to configure Gmail to allow this less than secure application long in to Gmail. Al & Sharon 2006 Winnebago Journey 36G 2020 Chevy Colorado Toad San Antonio, TX http://downtheroadaroundthebend.blogspot.com/ Link to comment Share on other sites More sharing options...
Al F Posted October 15, 2017 Report Share Posted October 15, 2017 Here is what needs to be changed in Gmail to allow Thunderbird to logon to Gmail. The info below is copied from the Sign-in & Security section under My Account in Gmail. Quote Allowing less secure apps to access your account Google may block sign-in attempts from some apps or devices that do not use modern security standards. Since these apps and devices are easier to break into, blocking them helps keep your account safe. Some examples of apps that do not support the latest security standards include: The Mail app on your iPhone or iPad with version 6 or below The Mail app on your Windows phone preceding the 8.1 release Some Desktop mail clients like Microsoft Outlook and Mozilla Thunderbird Change account access for less secure apps To help keep G Suite users' accounts secure, we may block less secure apps from accessing G Suite accounts. As a G Suite user, you will see a "Password incorrect" error when trying to sign in. If this is the case, you have two options: Option 1: Upgrade to a more secure app that uses the most up to date security measures. All Google products, like Gmail, use the latest security measures. Option 2: Change your settings to allow less secure apps to access your account. We don't recommend this option because it might make it easier for someone to break into your account. If you want to allow access anyway, follow these steps: Go to the "Less secure apps" section in My Account. Next to "Access for less secure apps," select Turn on. (Note to G Suite users: This setting is hidden if your administrator has locked less secure app account access.) If you still can't sign in to your account, the "password incorrect" error might be caused by a different reason. Al & Sharon 2006 Winnebago Journey 36G 2020 Chevy Colorado Toad San Antonio, TX http://downtheroadaroundthebend.blogspot.com/ Link to comment Share on other sites More sharing options...
Al F Posted October 15, 2017 Report Share Posted October 15, 2017 Gee, I don't know where anyone would get the idea that when I said "Gmail knows your password" that I meant a human, as in customer support, could see my password. The Gmail application has to know, as in store my password somewhere, to be able verify the password I logon with is valid. Al & Sharon 2006 Winnebago Journey 36G 2020 Chevy Colorado Toad San Antonio, TX http://downtheroadaroundthebend.blogspot.com/ Link to comment Share on other sites More sharing options...
Chalkie Posted October 15, 2017 Report Share Posted October 15, 2017 3 hours ago, Al F said: Again, this is an issue with "Thunderbird" and Gmail, I believe. If you don't use Thunderbird you probably won't see the issue. Fair enough. Since I am not a Thunderbird user normally I will put this to the test. We are getting ready to do a little traveling so I will load Thunderbird and give it a try to see if it gives the same results. Link to comment Share on other sites More sharing options...
Aggie79-82a Posted October 15, 2017 Report Share Posted October 15, 2017 23 hours ago, Devilishjim said: I thought Thunderbird was something you drank ? It is. 2019 Jayco 5th Wheel 28.5RSTS 2017 Ford F250 Super Duty 6.2L Link to comment Share on other sites More sharing options...
eddie1261 Posted October 15, 2017 Report Share Posted October 15, 2017 Again I ask, does anybody have a copy in their trash or inbox of an email that says "Your password has been stolen". I am quite eager to see that. If you have it, I can show you how to see the headers, which will contain information as to who really sent it. My whole point of even entering this thread that I really don't care about is from the perspective of a retired IT professional who at times wore the hat of email administrator. Those message headers will have information that allows me to track it back to where it originated. I am not a betting man bet I'd bet you a beer vs a Wendy's iced tea that it did NOT come from Google. And email server is nothing more than a computer that verifies logins and it has no cognitive power to draw a conclusion like "stolen". As far as all the nitpicking about this app and that app, however you reach gmail, it is still webmail at the core, an IMAP mail system. Web interface or mail client, it is still webmail. So, does anybody have an email that said "Your password was stolen"? The curious geek inside of me is dying to see it. I have used gmail for at least a decade and I have NEVER seen or heard of that. Link to comment Share on other sites More sharing options...
Biker56 Posted October 16, 2017 Report Share Posted October 16, 2017 I use Gmail and Thunderbird on my desktop & laptop and have that same thing happen to me many times while traveling in the summer. It also happens with my iPad & iPhone . And if I use a VPN also triggers Gmail to ask me to check my account log in. VPN will show up on Gmail that I tried to log in many states away from my present winter location. Full Time since Oct. 199999 Discovery 34Q DP | ISBDatastorm | VMSpc | Co-Pilot Live | Pressure Pro2014 MKS Twin Turbo V6 365 HP Toad Link to comment Share on other sites More sharing options...
Al F Posted October 16, 2017 Report Share Posted October 16, 2017 17 hours ago, eddie1261 said: Again I ask, does anybody have a copy in their trash or inbox of an email that says "Your password has been stolen". I am quite eager to see that. If you have it, I can show you how to see the headers, which will contain information as to who really sent it. My whole point of even entering this thread that I really don't care about is from the perspective of a retired IT professional who at times wore the hat of email administrator. Those message headers will have information that allows me to track it back to where it originated. I am not a betting man bet I'd bet you a beer vs a Wendy's iced tea that it did NOT come from Google. And email server is nothing more than a computer that verifies logins and it has no cognitive power to draw a conclusion like "stolen". As far as all the nitpicking about this app and that app, however you reach gmail, it is still webmail at the core, an IMAP mail system. Web interface or mail client, it is still webmail. So, does anybody have an email that said "Your password was stolen"? The curious geek inside of me is dying to see it. I have used gmail for at least a decade and I have NEVER seen or heard of that. This is about the first quarter of the "Source". Is this what you wanted? Do you need the rest? Quote From - Sat Sep 16 06:43:53 2017 X-Account-Key: account6 X-UIDL: GmailId15e87ceef77d1bec X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 X-Mozilla-Keys: Delivered-To: xxxxxxxx@gmail.com Received: by 10.157.27.200 with SMTP id v8csp1220565otv; Fri, 15 Sep 2017 16:10:39 -0700 (PDT) X-Received: by 10.107.16.157 with SMTP id 29mr11025831ioq.196.1505517039364; Fri, 15 Sep 2017 16:10:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1505517039; cv=none; d=google.com; s=arc-20160816; b=ZX+Fb5/PusrsRBSEXBDaJxYViKQsN2BCRGhiGM33qQ74CxIK4NEcKVKj2YGptV+rex Xr5SBhnAfi+2lKep1qiR4rWwdT3ztTlAJoVuQwoxXQL7SqEqmcDJh9/xfwaogFzBQV7z wDg05LxhJmH79mkE1w3fGDl56ekFL4mdPL2s5mcNgo2bfEwRidWSNlgkORwmWj6S132n LvQhXmcLvSlhJdlNlxPtuasZF4wbszphMxhhzSqS+h2I6vRuNU5/aucypMspUox8ZoAd 9wzqIGtSACYydNJw874otkmIUT8oIbkn5QZ1xiLdg6rheFW2ExzFI6GbfvrNfS9W6Kam uAUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=to:from:subject:message-id:feedback-id:date:mime-version :dkim-signature:arc-authentication-results; bh=HzcSDZeuxD3zWZvLeNKxJIKRf5JuBf+a5arc0l8g+0w=; b=GkIVgKBb3GgDAitnCrHj8p4S7KYRYoXn49b3B/OhKv69Iqyn1Cxe6agILlRv366zrO LXiLYy7buIoPpTMWtYCcMEsYmRutf8JZNjiyf3ebihDrip/BHb4w85Ed+ConmlJ1vP4n SCTh/a/XIOWzJgpuQRyAnwWNNO+qUi/pXEc86trSucqbNRacDC2OgBPAfgRogpdb0SlN FfqlSo+Cwf1UvQo/dEmPlf/6wie2iwpG03XWtQT9rDJU4Dqx60bgh1XuF0dVkCDvE9b2 PIaE8rum44Jp0axuFufO4wxFONvOotozJQKFw68Xe6GB4X1kdYyqdAVApZ4DZXAj6VRX +IQA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@accounts.google.com header.s=20161025 header.b=bwzxI5WA; spf=pass (google.com: domain of 37l28wqgtcg8ab-ercylnppbhagf.tbbtyr.pbznypnonertznvy.pbz@gaia.bounces.google.com designates 209.85.220.69 as permitted sender) smtp.mailfrom=37l28WQgTCG8ab-eRcYlNPPbhagf.TbbTYR.PbZNYpnoneRTZNVY.PbZ@gaia.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=accounts.google.com Return-Path: <37l28WQgTCG8ab-eRcYlNPPbhagf.TbbTYR.PbZNYpnoneRTZNVY.PbZ@gaia.bounces.google.com> Received: from mail-sor-f69.google.com (mail-sor-f69.google.com. [209.85.220.69]) by mx.google.com with SMTPS id v199sor195411itc.92.2017.09.15.16.10.38 for <xxxxxxx@gmail.com> (Google Transport Security); Fri, 15 Sep 2017 16:10:39 -0700 (PDT) Received-SPF: pass (google.com: domain of 37l28wqgtcg8ab-ercylnppbhagf.tbbtyr.pbznypnonertznvy.pbz@gaia.bounces.google.com designates 209.85.220.69 as permitted sender) client-ip=209.85.220.69; Authentication-Results: mx.google.com; dkim=pass header.i=@accounts.google.com header.s=20161025 header.b=bwzxI5WA; spf=pass (google.com: domain of 37l28wqgtcg8ab-ercylnppbhagf.tbbtyr.pbznypnonertznvy.pbz@gaia.bounces.google.com designates 209.85.220.69 as permitted sender) smtp.mailfrom=37l28WQgTCG8ab-eRcYlNPPbhagf.TbbTYR.PbZNYpnoneRTZNVY.PbZ@gaia.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=accounts.google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=accounts.google.com; s=20161025; h=mime-version:date:feedback-id:message-id:subject:from:to; bh=HzcSDZeuxD3zWZvLeNKxJIKRf5JuBf+a5arc0l8g+0w=; b=bwzxI5WAn9MvAvAnalzWZCmf6299Do8w0i+apktRNJbhLq4QWRSS0OGvvML/JEvtdL W/qW04Wnzf4D8LNKw4iwe+OvtJ41e0oJnKNQY0XxiIbsuYrErnNgMHPCMWduS6kTaPqY Ql0eJPE7Ogq74tbcnZlKwEZVzk4eT9mBDYFj1djqQYApV+TDLIuVQQWIrxtm3/5Brasx WEuFpIauapUGOBAg19ENLUI0bkaidfIxZeSrrBVqiu15mEngcRXnGPLeTLE+vtv0TFxP aJGIV7Hu5AMXx8+qWDYWBQbEMVbDmKfxE9EJkDp5kGs/5tRnXc8tdlklGjJnvVBM7Ogu 038Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:date:feedback-id:message-id:subject :from:to; bh=HzcSDZeuxD3zWZvLeNKxJIKRf5JuBf+a5arc0l8g+0w=; b=e7pSqwfFnNBtqH0y+eLRJ3y+Fw4q81Y5OqNUqtQZ4dxMzwkSYqf5srbTwTl0mrA0+6 1qz0vefTkU8V2vnz3jSKsNgrjN3s5aqLyYMxWiBuFb3ND44UeUKpnyomzb+a7jUVAV6y S02CmlzmQDex6oYfrjgMtteqiBjAMZbgOKFLVRfGTYJ3nl7x7jy9liE+JJgIc9U0jMUD NrERkAQcFn6BqqhPoe0O8nNil8iuzQwJEO773yblgDOFCLGEZsvyKqm6n+1+cIoQlhqR COTEFpFgzVsODDr4UEYNp7o1ucQweuFIq9LekRESgE87pjyyVeGFn6I+0238T0ayPWiV i4xQ== Al & Sharon 2006 Winnebago Journey 36G 2020 Chevy Colorado Toad San Antonio, TX http://downtheroadaroundthebend.blogspot.com/ Link to comment Share on other sites More sharing options...
SWharton Posted October 16, 2017 Report Share Posted October 16, 2017 We have used Gmail with Thunderbird for many, many years. Now we have our own hotspot and use that all the time but previously we would use the cg wifi. Unless we caused it we have never had logon problems with Gmail via Thunderbird so I don't think that is the problem. If anyone is interested I can PM screenshots of my settings in Tbird to you. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.