Besides my primary Google/Gmail account, I also have a throw-away account I use for work to test with.
This morning I received an alert from Google that someone tried logging in to this account using an “untrusted” machine in Florida. Google recommended changing my password, which I did. I also read in detail their recommendation to use a 2-step login procedure, which I also set up.
If you have a Google or Gmail account I recommend doing this. Click HERE for details about this security measure.
In addition, in your security settings (Go to google.com, click on your picture in upper right corner, select Account, select Security along the left side), scroll to the bottom and review “Connected applications and sites”. Delete any websites or applications you don’t recognize or use any more.
I went ahead and added 2-step verification for my primary Google/Gmail account as well. The 2-step process requires you to log in using your normal password and also using a verification code that is sent to your mobile phone. As part of that process, I had to reset my password on my Android phone. Unfortunately, it is running an older version of the Android OS (2.3.4) and it isn’t able to prompt me for a verification code. Instead, Google asks you to use a special Application-specific password for apps that are not able to prompt for the verification code. Details on this are HERE.
On my phone, I went to Settings…Accounts & Sync and tried to change the password for my Gmail account but was not able to. Apparently you have to reset your phone to factory settings to change anything about your primary Gmail account on the phone. That’s crazy. I would lose all data, all my files and all downloaded programs! Fortunately, I found a workaround. Instead, I went to Settings…Applications…Manage Applications…All…Gmail…Clear Data. That allowed me to re-enter not my normal password but the special password Google provided as explained HERE. This happened the next time I launched Gmail.
I feel much safer now.