undefined | Better HN

0 pointswfunction9y ago0 comments

> We do send an email when you log in from a new device.

AFTER login? or before? I need to know when someone is trying to attack me, not when they've already succeeded. Otherwise what's the point? At least if I know beforehand that someone knows my password but failed OTP check then I can change my password, right? Why does Google not tell me when this happens? It's like common sense...

0 comments

jandrese9y ago

On the Internet? You'll get alerts that people are trying to hack you every single day. There are whole botnets that go around just trying to authenticate to everything everywhere using usernames sniffed from other hacks and every password under the sun.

Houshalter9y ago

I doubt they attack every single account every single day. At that point google should just ban the IPs doing that. Or at least turn of notifications for those IPs.

Anyway excessive notifications are a solved problem. You can limit the notifications to one every month, and you can allow the user to disable them. But I would certainly like to know if someone tried to login to my account, and I think it would make regular users more security conscious.

wfunctionOP9y ago

+1 same. Rssponses like the one you just replied to completely drive me nuts. If you don't think it'll be useful for me then let me disable it. Don't use it as an excuse.

jandrese9y ago

In the last week my host has blocked 173 different IPs for attempting to guess passwords on SSH. And I don't even have psasword authentication enabled on SSH.

And this is on a nothing host. Almost completely anonymous and yet under constant attack.

wfunctionOP9y ago

Did you even read my comment? The most important scenario I just referred to was AFTER the password is typed correctly. Not before. I'm pretty damn sure botnets aren't going around entering my password correctly.

j / k navigate · click thread line to collapse

0 pointswfunction9y ago0 comments

> We do send an email when you log in from a new device.

0 comments

jandrese9y ago

Houshalter9y ago

I doubt they attack every single account every single day. At that point google should just ban the IPs doing that. Or at least turn of notifications for those IPs.

wfunctionOP9y ago

+1 same. Rssponses like the one you just replied to completely drive me nuts. If you don't think it'll be useful for me then let me disable it. Don't use it as an excuse.

jandrese9y ago

In the last week my host has blocked 173 different IPs for attempting to guess passwords on SSH. And I don't even have psasword authentication enabled on SSH.

And this is on a nothing host. Almost completely anonymous and yet under constant attack.

wfunctionOP9y ago

j / k navigate · click thread line to collapse