Over the last few months I've noticed messages in my Gmail saying that my account had been accessed from China. I took the given advice and changed my password, but it kept happening. The last time I used an extremely cryptic password and it appeared that I was in the clear. Three weeks later, another message appeared saying my account had been accessed from China. So maybe it took longer or maybe they just didn't get back around to hacking me for a little while; either way I no longer believe a password is going to protect my inbox.<p>I'm not an important person. There are fewer than 300 people on the planet that are even aware of my existence and even fewer who would remember it if you asked. The only thing even remotely noticeable about me is that my surname, also in my email address, is shared with a famous (in a bad way) world leader.<p>Where are we at with passwords? Has computing power gotten so cheap that they can brute force their way through any character string? What am I to do as a lowly web developer to protect the users of my own apps if the 20k engineer-strong Google can't stop multiple incursions to a random dude's Gmail account?
The last time I entered Australia, customs grabbed my iPhone, took a snapshot of the memory and logged into my Google Apps Account to find out if I have been working illegally there.<p>They asked if I was planning tax evasion because I took Google Doc notes in a tax-minimization and asset protection seminar.<p>They went through my private email conversations with family members and discussed the financial details of my family and who borrowed money from whom.<p>All with my consent of course. The other option would have been to fly back to Europe on the next plane available.<p>It's not always the evil Chinese hackers...
If these are indeed true accesses (and not just phishing attempts), I would take a very careful look for malware on your computer. There is no way they are brute-forcing passwords like "j@zz!t7p=()++" (and Gmail would have long blocked their failed attempts).<p>I've never had anything of mine compromised, especially Gmail (at least to my knowledge). Knocks on wood.
> my email address, is shared with a famous (in a bad way) world leader<p>Kim Jong Il?<p>Brute forcing Gmail is not really feasible, especially not if you have a decent password in place. I suspect that they would just put up a captcha and maybe slow down the login process if you fail too many times.<p>If your computer is compromised and you keep using the system to either log in or change your password then that password will continue to get compromised.<p>In many ways you are also best off to reimage your PC and create a completely new Gmail account. If the account was sending too many nasty things then it may be on various blacklists already, which will just affect your ongoing usage of it.
Did you use non-SSL Gmail over a suspect wifi connection?<p>My account got hacked a month ago. Loads of spam emails were sent out from my account, and I had a login from China in the access log.<p>My password was strong and unique to Gmail. My list of most likely attack vectors they might have exploited to get me are:<p>* Non-SSL Gmail over compromised wifi<p>* Logging in when travelling on a compromised PC<p>* There was a story that Gmail had experienced a security breach and some passwords had been 'stolen' in early 2010. Not sure of the details.
I have four accounts. One of my accounts, that I use at nefarious-looking websites, or websites of a nature that I don't feel needs my legitimate email address, was accessed from a computer in China. I still use the same password for it everywhere but my Gmail now.