Wednesday, June 30, 2010

A Better Dashboard: Helping Detect Suspicious Log ins

Posted by Yariv Adan, Product Manager

A few months back we launched a feature in Gmail that notifies you when our servers automatically detect suspicious log in activity on your account. Since this has been effective in helping people identify improper access, we decided to extend it to all our Google Account users, not just Gmail. Starting this week, If we detect any suspicious log in on any of your Google Account products, we’ll display a notification on your Google Dashboard.

How does this work? Using the IP address you provide to us, our automated system can determine your broad geographic location. If you log in using a remote IP address, our system will flag it for you. So if you normally log into your account from your home in California and then a few hours later your account is logged in from France, you’ll get a notice like the one above at the top of your Dashboard page - alerting you to the change and providing links for more details.

When you get this notice and if you think your account has been compromised, you can then change your password directly from the ‘more details’ pop-up window.

Or, if you know it was legitimate access (e.g. you were traveling or your spouse who uses the same account was traveling), you can easily click "Dismiss" and remove the message. These notifications will hopefully help you identify suspicious activity but should not be considered a replacement for following best practices to keep your data secure.

In other Dashboard news, we recently added a link at the bottom of the page for you to ‘report an issue’ making it easier for you to tell us about a problem or to just share your thoughts. We want to work with you to keep making the Dashboard better, so let us know how we’re doing or ways we can improve your experience. Just note we may not be able to reply to every single report; but rest assured, we will read the feedback so we can keep making the Dashboard better.

So send us your thoughts. Take care to protect your information. And always keep an eye out for future improvements and upgrades to your Dashboard.


Darkmane said...

This is a great thing but I think you are thinking too small.

Rather than notify only on the Google Dashboard, this should be integrated into all Google products to notify people as they are going about their business not just while they are checking their dashboard.

This is probably in your plans but saying so would be really good.

Richard said...
This comment has been removed by the author.
Richard said...

Agreed. I would hazard that most gmail users (including me) don't know what the Google Dashboard is and where to find it. I looked for several minutes -- no luck. So this feature appears to be of no value to me (at least until someone posts how to get to the Dashboard!).

Brian said...

I agree with the others google needs to show that alert in every google product possible.

Along with that they should give us other options for getting notified such as emails, texts, chats.....

dawg said...

It would be cool if it could block the French user or require some sort of super password before he logged in, like texting to their designated cell.

kevin said...

First of all, I agree the message should propagate throughout all Google sites. I'd never heard of the Dashboard until today and I consider myself pretty savvy.

Second, I may be missing something, but if we as account owners are able to manually dismiss the warning message that our account has been logged into by someone else, then what's stopping the hacker from dismissing the message themselves, or setting up a simple script to go to Google Dashboard upon login and dismissing the message that way?

The message should stay open for a set amount of hours. It's not like the message impacts the account owner's use of Google products. It's simply a warning message, and having the slight annoyance of it being around for 24-48 hours far outweighs the headache and security dangers of not knowing someone has compromised the account.

yariv said...

Thanks for the feedback. You are invited to visit your Google Account Dashboard at
If you have a Gmail account, the message will be displayed also in your Gmail page. But if you are not a Gmail user, you can see it in the Dashboard, as well as the data and recent activity in your account. In both cases, the message will not be displayed to the user from the suspicious IP. You will be able to view and dismiss it only from a "good" IP.

DarkUFO said...

As someone who has been badly comprised in the past, this is a good step in the right direction.

However, when I was hacked I was asleep whilst a Ukranian hacker accessed all my mail, docs, and blogger accounts.

Could we not improve this further whereby you can only Log into an account from another PC / IP only if you provide a PIN or Grid Authentication which will then allow that PC/IP access.

It would work similar to LastPass's excellent grid authentication whereby you can only access your account from a Computer/IP that you have authorized. If another attempt is made from another PC location you have to provide this additional Code. This code is not stored in your Account but is like a Bank Pin send out to you on a one time deal.

All this will help me with currently is to tell me what I already know when I can't log in after I've been hacked, and in most cases the hacker would have changed my password, backup emails and security questions, as well as enabling an email filter to push through my emails over to him.

Please take this seriously.

More and more people are putting all their stuff onto the cloud, and a simple Username/Password authentication system is not enough anymore.

Chan Eil Fhios said...

Is there a way we could use wget or an ajax call to get this information for ourselves? For example, I'd like to be able to write an extension for Chrome that could periodically poll this data and show an alert right in the browser if you get compromised.

Hedaru said...

Interesting, I just know and realized it.
Hope it will be implemented to all Google Products in the future plan.

Hockeyman0 said...

Maybe it appear on your google home page as well when you log in. I think that this is a good idea but a smart hacker would not get caught by something this simple, you know?