Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> We do send an email when you log in from a new device.

AFTER login? or before? I need to know when someone is trying to attack me, not when they've already succeeded. Otherwise what's the point? At least if I know beforehand that someone knows my password but failed OTP check then I can change my password, right? Why does Google not tell me when this happens? It's like common sense...



On the Internet? You'll get alerts that people are trying to hack you every single day. There are whole botnets that go around just trying to authenticate to everything everywhere using usernames sniffed from other hacks and every password under the sun.


I doubt they attack every single account every single day. At that point google should just ban the IPs doing that. Or at least turn of notifications for those IPs.

Anyway excessive notifications are a solved problem. You can limit the notifications to one every month, and you can allow the user to disable them. But I would certainly like to know if someone tried to login to my account, and I think it would make regular users more security conscious.


+1 same. Rssponses like the one you just replied to completely drive me nuts. If you don't think it'll be useful for me then let me disable it. Don't use it as an excuse.


In the last week my host has blocked 173 different IPs for attempting to guess passwords on SSH. And I don't even have psasword authentication enabled on SSH.

And this is on a nothing host. Almost completely anonymous and yet under constant attack.


Did you even read my comment? The most important scenario I just referred to was AFTER the password is typed correctly. Not before. I'm pretty damn sure botnets aren't going around entering my password correctly.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: