Google Account Takeover

If Google is going to be at the center of our digital and online lives, they need to get a lot better about their support organization and how they handle account issues. Check out this story by Mark Ghosh for an example of what happens when things go wrong. What if you woke up tomorrow and your Gmail, Orkut, Docs, Reader, Google Checkout account was gone?

42 thoughts on “Google Account Takeover

  1. Speaking of which, I was just thinking we should go back to Technorati blog search on our WordPress Dashboards. The incoming Google links show anyone that has my site in their sidebar and sites where I’ve left comments, in addition to the real folks linking stories. Noise is too high, signal is too low.

  2. I totally agree, Google is disgraceful at support, you can’t be that big that you don’t care about who is paying for your billion dollar profit margin. Get with the program Google, its called:
    1) Answering emails.
    2) Providing an actual email address people can find.
    3) Explaination clarity, some directions are like speaking to a robot, they are repeative and useless at solving problems.
    4) Putting a Freekin Stupid Google Analytics code should not be rocket science but the stupid explainations of who to install the stupid code is unreal, and wastes alot of time. I am sick and tired of working with google, and i wish they would get their act together.

  3. If my Google Account was gone, I’d be screwed. No e-mail — would be like being in a black hole.

    That’s one of the reasons why I’ve been learning Postfix and Zimbra. Eventually, I hope to have all my e-mail going through a server I have completely under my control.

  4. What if… Sheesh, don’t remind me on this one…

    But… don’t we get, at least in the near future, a kind of WPMail built into WordPress? While on the topic, some sort of alternative to GMail including the e-mail conversations approach would be nice. 🙂

    1. I thought about having my own e-mail host around 2 years back, almost when we started to get gmail invites. Surely the gmail inbox was looking good but it was still in beta and i can not trust a beta for something which is far much important to me. I am using gmail and yahoo on secondary basis, and guess what 90% of the times i get junk e-mails, for example hi5 invites naymez etc etc. on my personal e-mail i have installed spam eaters and customized as per my requirements.

    2. Yes, I think WPMail plugin do exist but still needs to be enhanced up to an acceptable standard. For me cpanel would server the purpose. I have got two web mail clients. RoundCube and Squirrel Mail with ajax support. I just go to mail.mywebsite.com and check my mails like a peace of cake. if you say it should be integrated into wordpress admin section so that i can check my inbox then that would be really nice but not something without which I can’t survive because some easy solutions already exists. but yes if we can integrate gmail, yahoo, hotmail and couple of other e-mail accounts together with wordpress and establish a common inbox with great UI then that would become the hottest wordpress plugin indeed. I don’t want to go to gmail and yahoo to check my spam i wan’t to delete them right from my wordpress core.

  5. I agree with DaveZatz — the link information now is a completely useless waste of space. And, yeah, if I lost my Google account I would be in a very bad way. I use mail, docs, groups, reader, etc. etc. It’s not smart to depend on one company that much, but the disparate alternatives are not that attractive, and the thought of changing everything now is distressing as well.

  6. The problem is in the case above the user didn’t protect themselves or pay attention to where they were sending their login credentials, Google should not be held liable for the stupidity of some users.

    Does their support suck, it sure does, should they work on it….well that depends on if it will impact their bottom line. I am no Google fanboy but being someone whom lives in reality I can see that as a company it will be about the bottom line, if the users have an issue they need to show it and move away from those services.

    As for the Google Analytics code….it is pretty simple and a placement issue would depend on which CMS your using, if your using a CMS and the issue with placement is caused by this than the support should be on the shoulders of the CMS support staff and community.

  7. Wasn’t Orkut that AOL partner in Brazil with Portuguese source code that peaked in 1998? They still exist? Come to thing of it, isn’t Google that search engine that makes you look through 79 pages of junk to find the answer to a simple question? They still exist?

    1. “look through 79 pages of junk to find the answer” – try refining your queries. Google became king of the search engines for a reason. So the problem is with the consumer on this issue.

  8. technically, they’re covered. Most Google products are still in their beta stage.
    The problem would ours and ours entirely, as is the responsibility for using beta products.

    That said, if I woke up with no Google account tomorrow, I’d have to start a new account and… revert to the backups I make

  9. I don’t even use all of those services and if that happened, it would be a huge hit to productivity. Gmail and Reader are two of my main browser tabs opened every day and first thing.

    That is a downside of offline GMail, it lowers the barrier to want or need to pull mail down into the client. RSS already has that exposure unless you are pulling down into a client. So all mail and OPML of all feeds would be inaccessible. Not good obviously.

  10. How likely is that Google disappears from one day to other? At the time of this comment is more likely that FDIC vanishes… 😐

    Anyway, centralized data is never a good idea in my humble opinion.

      1. …sorry,

        So, google knows that is big and many people trust them enough to give their personal details to them (even me) and they don’t play with these details.
        Also, maybe it was only my luck, but always I had some issue with my account(s) I found the appropriate place to let them know i have issues and got support in a few hours in a way or another.

        Just my 2c

  11. This is why two certain things are bad:
    1) a Google monopoly over search (and other services like video)
    2) integrated logins

    Truthfully, we are too dependent on Google these days. YouTube… Gmail… AdSense… Blogger (wait, we’re WordPress fans)… and they all use the same “Google Accounts” system for login. What ever happened to the security practice of using different passwords for different sites? Clearly that’s out the door.

    And I second the proposal of using Technorati.

  12. Yes, if we could use some other service to show which blogs are linking it would be extremely helpful. Sometime int he past 4 months Google became completely useless at that. I get Google Alerts and it’s become pretty crap, too. I get an email about someone mentioning a story I wrote whenever I post because I have the name of the story in my sidebar… sigh.

  13. It’s funny because Google is now the new Microsoft – it’s only a matter of time before the anti-trust folks start going after them.

    As much as I like the idea of having everything on-line and associated with a single account, I haven’t made the jump yet. I just don’t like having the same provider for all my services – if I don’t like one provider (such as a webhost) I can just switch and that doesn’t affect anything else.

    If you have your whole on-line life through one company and you have a problem with them, then it’s more difficult for you to get away from them.

  14. I’ve been warning people about this for a long time. It’s great to have all these on-line services that let you have free e-mail and universally web-accessible documents, until they lock you out.

    I don’t trust anyone with my data. I trust big corporations even less. For most things that matter, I have several redundant backups. It’s like the Seals say, “Two is one and one is none.” The more control we give to others the bigger our potential problems when they prove untrustworthy.

  15. I don’t trust Google much. They are a service provider, but because I pay for nothing there is no recourse.

    All of my critical digital life is pay for service (servers, email, etc). This provides me with accountability, a phone number, and real support.

    I believe in entering into a contract of service for money. This is critical in protecting yourself. Google owes you NOTHING because you have no entered into a contract outside of “allowing Google to do what ever they want with the data they collect” and the weaker stipulation of “best practice to safeguard…” (paraphrased)

    Google SSL cert is NEVER valid for IMAP / POP on my edition of Thunderbird. Pretty scary.

    If Google vanished tomorrow I would feel impact BUT all my critical information is handled and always will be handled by other services.

    Read the Google privacy statement, that stuff scares me.

  16. I guess I am different from most people here as I would never even consider using any webmail source as an important e-mail source. That is as a source to store or receive important documents. Any person who has a website has e-mail from their web hosting company and you have e-mail from your ISP as well. The very thought of using Yahoo, Microsoft or Google as a prime e-mail source scares me to death.

  17. A shocking story especially that it involves a giant like Google who you would expect to be setting the standard for security.

  18. Facebook is in the same predicament. Just read another story (3rd or so now in the past week and a half) about taking over of accounts and using them for money scams. The biggest underlying issue has be the lack of no support in gaining control back of the accounts. The story this week was for a Microsoft employee. The unfortunate thing is that some people use this social site for business.

  19. I’ve really never understood why anyone with important e-mail, etc., would put their faith in a 3rd party company like Google or even hotmail or yahoo! While I do have various e-mail accounts with the larger portal sites, all my main e-mail comes to me directly via my own e-mail accounts. Both domain names and hosting are so cheap, there really is no reason to use anything else for business or important e-mail. And as Brad mentioned above, even your ISP is a better source for your e-mail hosting than something like Google.

    I guess I’ve been doing this ‘net thing too long and am somewhat pessimistic, but I actually expect large corps like Google to screw things up! I’ve never had any faith in them, or any of the others, to do things properly. Everything I do, I control, and you can’t do that relying on something as flaky and poorly run as Google is. Their gmail program is by far the largest spam portal out there, yet they don’t even attempt to close those holes.

  20. like the idea of using my google account on so many great services Youtube, Feedburner, adsense etc. But i never thought the kind of damage someone could do to me online with that one password.. its still convenient to have one login though.. just watch out for those hackers 😉 scary.

  21. (obDisclosure: I’m an employee at Google)

    If the Google services are really that critical to you, I recommend the Apps for your Domain premier edition. It’s $50/user/year and gives you a phone number for support.

    It’s still cheaper than running your own server.

  22. I have absolutely no idea what an orkut is or what on Earth one might want with it, but if you have something running which apparently can be used as a backdoor with shared credentials and then you happily forget about it, you should have your internet access yanked, fast.

    Shame on that whiny Ghosh guy – instead of yammering about Google’s support, he should check internet security 101 and get back when he’s good enough to handle it.

    Sheesh, it’s just like team phpBB getting hacked because of an outdated PHPList install: it’s always someone else’s fault! And instead of lambasting Google for giving the support he paid for as a free product, he should volunteer setting up the orkut user support groups.

  23. Providing customer support for a free service? The economics just don’t make sense.
    One should expect the same from Gmail as from a kite. If it crashes, tough luck.
    No mommy to go crying to.

  24. I like Alvaro’s thoughts. I also think that anyone who relies solely on one companies products to define themselves in this modern age is in dire need of a digital overhaul. If support and accountability is such a big deal, you should invest the time and money into creating your own server with your own services; then, if there is a problem, the onus is on you. You will be the one accountable for what happens on your own service vs. trying to have a company who has millions of users daily address your concerns. Plain, simple, effective.

  25. I really don’t care hat happens to google. I never use it for anything including searches. It doesn’t make any difference if they live or die. I never could see the fuss about them. Their search engine sucks, their e-mail sucks. The only good thing they have is their satellite thing of photos of the earth.

  26. An easy way (well, easy for a Geek) to backup a Gmail account is to configure your account with IMAP in a mail client (e.g. Thunderbird) and get all the mail.
    It’s a dirty solution (difficult to recover your e-mails to a new account, etc.) but it’s not complicated and you won’t be in a black hole in case you lose your Gmail account (or someone steals your password and changes it).

    See this for Thunderbird, or Google for some other e-mail client:
    http://www.howtogeek.com/howto/internet/setting-up-gmail-imap-support-in-thunderbird-2x/

    Cheers,
    Marcos

  27. Hmm. This cannot happen with my paypal account. I could give you my user name and password and you could not login. Same goes for the web interface to my bank account. You would have to have my mobile phone to get in. I have two factor authentication on both accounts. Paypal sends a code via SMS to my phone, which I then enter to complete my login.

    I also use a password manager, so all my passwords look like W7wV3EQHgJZ&txXcROYP (just generated). People need to get better at login management. Google is not your mother.

Comments are closed.