People logging into my accounts despite 2FA being enabled.
- Thread starter Xeno1234
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Status
- Jun 12, 2023
- 699
Are there any other ways to revoke google authenticator access or no?
I have no idea what an emergency code is and haven’t set any up.
15 years old is too young to participate in these forums and I cannot understand the problems you are experiencing well. It seems that you either have paranoia and exaggerated security fear, as they say, or that you are actually being targeted
You need a security expert or people who have the time and desire to follow up with you until you solve your problem, assuming that there is a problem
But my personal advice is to change your current method of asking repeated questions, even if this is imposed by your young age, which is characterized by impulsiveness, love of learning, and asking about everything. The world is not as beautiful as you think
You need a security expert or people who have the time and desire to follow up with you until you solve your problem, assuming that there is a problem
But my personal advice is to change your current method of asking repeated questions, even if this is imposed by your young age, which is characterized by impulsiveness, love of learning, and asking about everything. The world is not as beautiful as you think
Last edited by a moderator:
- Jun 12, 2023
- 699
Thank you for the response. Getting hacked is a lot to handle at 15 years old, but I don’t see why I’d be a target of relentless hacking.15 years old is too young to participate in these forums and I cannot understand the problems you are experiencing well. It seems that you either have paranoia and exaggerated security fear, as they say, or that you are actually being targeted
You need a security expert or people who have the time and desire to follow up with you until you solve your problem, assuming that there is a problem
But my personal advice is to change your current method of asking repeated questions, even if this is imposed by your young age, which is characterized by impulsiveness, love of learning, and asking about everything. The world is not as beautiful as you think, and forums sometimes contain people who are more toxic than those who are present on social media
What methodology do you recommend? At the current moment, the security plan for me is get my computer back later this week and have parents monitor G Mail for suspicious logins - it takes the stress of me a bit but also ensures it’s in good hands.
I have nothing to recommend regarding the problems you think you are having and some qualified people have already responded to you here, I don't know why someone would target you directly, but it is possible for this to happen, and this remains a possibility, even if it is 1%
However, my comment was focusing on another point that I hope you will try to understand well
- Jun 12, 2023
- 699
How would I know about a SIM Swap? I have not received login texts ever that aren’t from me.
- Jun 12, 2023
- 699
That’s the goal. I try my best to be only stressed but I get very, very OCD about things and my mind practically revolves around it. I’ve practically been only focused on being hacked for the past week but I’ve regained myself recently and calmed down to the best of my ability.
I’m not “scared” though. I know that this sucks, but I will eventually fix it all.
- Aug 22, 2013
- 823
OCD? shut your pc/mobile for a week, look around, you can find your father mother and sis/bro also lives in the same house, talk with them. You can find they care for you. Go out with your friends, meet with people, enjoy the nature, go for an adventure trip then you can find exploring is as fun as using your mobile/pc. Life is too short do not waste it by locking yourself in four wall of your room. ( Oh and I am 43 years old, have a daughter in her teens and I know what I am saying and its coming from my experience till now)
- Oct 3, 2022
- 380
Being 15 is Not a problem. Kids in war zones have to take care of their entire family due to deaths in the family. They just have to learn to deal with certain problems sooner than other kids. They can adapt easily. Mental shift for parents: what if your son was born in Palestine 15 yrs ago? That's right, you'd be in a war zone now. (I'm not from Palestine, I just have a 'liberal arts' degree; sprinkled with IT courses of my choosing.; I don't worry about money.)
Being hacked is just a problem, and it can be dealt with.
To deal with this problem, like any problem, you first learn from experience gained from the past. Asking around in a forum is not the best way to do it. Look towards IT Security certifications and training material. Companies have dealt with this problem for a long long time. And the knowledge gained through the years are encapsulated in these certification trainings. Simply just go buy a $60 book from Amazon. For starters, look at the Comptia Security+ material. I studied for the exam a decade ago. Read this, and you will have the mental tools for dealing with the hacker problem.
Certification training is not just meant for finding a job. You have a problem to solve. So you have to find the knowledge from wherever it is offered.
Being hacked is just a problem, and it can be dealt with.
To deal with this problem, like any problem, you first learn from experience gained from the past. Asking around in a forum is not the best way to do it. Look towards IT Security certifications and training material. Companies have dealt with this problem for a long long time. And the knowledge gained through the years are encapsulated in these certification trainings. Simply just go buy a $60 book from Amazon. For starters, look at the Comptia Security+ material. I studied for the exam a decade ago. Read this, and you will have the mental tools for dealing with the hacker problem.
Certification training is not just meant for finding a job. You have a problem to solve. So you have to find the knowledge from wherever it is offered.
Last edited:
@Xeno1234
I once got alarming "people log in to your account messages" which persisted after password changes. So I consulted a remote family member who is a security expert and he told me to follow the below procedure to check whether I was hacked or I was chasing a ghost.
This is what he proposed: As already stated by @Victor M the achilles of two factor authorization are already logged-in accounts.
Some services offer you the option to signout devices already logged. Other services hard signout all connected devices from the backend automatically when you change a password and some simply keep them alive. You need to know what the default process is for each of the services you want to change passwords for. First research what the policy is for each of the accounts you want to change passwords for.
When you know what to do to be sure all connected devices are logged out at password change (or what the correct procedure is to force that), next step is to create a controlled operating environment on the devices you are making the 2FA password change on.
When you are resetting a password, you have to know the device and network you are initiating the password change on are clean and the device receiving the confirmation code is clean. As posted earlier by other members there are no short cut's. You need to know you are in control 100% otherwise any change could still be a faulted change. Also disentangle the 2FA environments completely (don't use WIFI on the phone receiving the 2FA).
When above two criteria are set, execute the password changes one by one.
Immediately after you have changed the password of one account, sign in to that service from a client you have never used before (e.g. a linux distro USB). You probably get a warning that a new device has logged in. This is also a good way to check the accuracy of the service warning you for new logins (as explained in the spoiler) and to verify you are not chasing ghosts.
I once got alarming "people log in to your account messages" which persisted after password changes. So I consulted a remote family member who is a security expert and he told me to follow the below procedure to check whether I was hacked or I was chasing a ghost.
This is what he proposed: As already stated by @Victor M the achilles of two factor authorization are already logged-in accounts.
Some services offer you the option to signout devices already logged. Other services hard signout all connected devices from the backend automatically when you change a password and some simply keep them alive. You need to know what the default process is for each of the services you want to change passwords for. First research what the policy is for each of the accounts you want to change passwords for.
When you know what to do to be sure all connected devices are logged out at password change (or what the correct procedure is to force that), next step is to create a controlled operating environment on the devices you are making the 2FA password change on.
When you are resetting a password, you have to know the device and network you are initiating the password change on are clean and the device receiving the confirmation code is clean. As posted earlier by other members there are no short cut's. You need to know you are in control 100% otherwise any change could still be a faulted change. Also disentangle the 2FA environments completely (don't use WIFI on the phone receiving the 2FA).
When above two criteria are set, execute the password changes one by one.
Immediately after you have changed the password of one account, sign in to that service from a client you have never used before (e.g. a linux distro USB). You probably get a warning that a new device has logged in. This is also a good way to check the accuracy of the service warning you for new logins (as explained in the spoiler) and to verify you are not chasing ghosts.
From one service I always get the correct client, but a wrong location (the city where the head office of my ISP is located). So instead of worrying about terrifying login warnings from city's you are not located. you know that the warning service is doing something funny (because of time and date and OS, I knew it was me logging in, not someone else). This confirmed I was chasing a ghost, because the warning system was faulted.
For me this explained why I got these alarming login messages and in hindsight could have saved me all the trouble of resetting everything.
For me this explained why I got these alarming login messages and in hindsight could have saved me all the trouble of resetting everything.
Last edited:
- Jun 12, 2023
- 699
What I’ve been doing the past week. I feel much better
- Jun 12, 2023
- 699
Ok - I’ve investigated a bit more. Suspicious logins took place February 13th, the day that I myself changed all my passwords. I also see only 1 reset per account instead of multiple. Maybe I had a VPN on, but I’m not sure, but this leads me to believe it’s me.
All of the password reset emails were read aswell, and I’ve verified that the google accounts are not compromised.
All of the password reset emails were read aswell, and I’ve verified that the google accounts are not compromised.
- May 13, 2017
- 2,487
This message can also be caused by an app or a webpage. Let say you use Google to login to Xiaomi and run it's app on your phone, it can a report a login from it's service location.
- Oct 3, 2022
- 380
Hi @Xeno1234 , @harlan4096 the administrator and author of the Kaspersky default deny configuration which you use, thinks your perceived hack is all due to you using a VPN. You found the problem yourself. He asked me to explain this to you. He will be closing this thread shortly.
- Mar 2, 2023
- 794
How, in what way? (since I frequently use a VPN).
- Apr 28, 2015
- 8,669
But if you use a server not in Your country, the service (in this case Google) may think You were attacked...
When checking emails (I use Pop Peeper for a fast preview checking), I had to add a tunneling exception in my VPNs apps, for the same reason...
When checking emails (I use Pop Peeper for a fast preview checking), I had to add a tunneling exception in my VPNs apps, for the same reason...
When you use for instance Netflix via a VPN, you get an IP through the VPN (with corresponding geo location). So you might get a warning that you are using Netflix from a specific location (sometimes Netflix asks is it you, because they don't want people to share subscriptions).
- Mar 2, 2023
- 794
Thank you, I didn't realize that. If I'm using a VPN server in my own country, which is what I only use, that will help curb this from happening to me?
Thank you as well, Lenny
Yep, as I've heard of that as well as Disney routinely doing the same thing now.- Status
Similar threads
