Don’t get me wrong. Google 2-Step verification is VERY secure! Way more secure than not having it. And Gmail is the most secure free email service. But there is one flaw. According to Google, you are not supposed to be able to log in and gain full access to your account with just an application-specific password. Application-specific passwords are designed for use with applications that aren’t compatible with 2-step verification (for example: Outlook, Thunderbird, Sparrow, etc.). But there is one flaw… Google Notifier.
Google Notifier notifies you when you get emails; it can also log you into your account (in your web browser) to check your email. To sign into this app you use an application-specific password, which therefore bypasses 2-step verification.
Requirements
Must have access to the internet
Must have a Gmail account
Must have Google 2-step verification enabled
Here is how it works…
Step 1
First, download Google Notifier and install it. Once it is installed, head over to google.com/accounts and create an application-specific password.
Step 2
Once you have the application-specific password, sign into Google Notifier. Once signed in, click on “Go to inbox”. This will take you directly to your Gmail account. Once you are there you have FULL ACCESS to everything and can change ANYTHING you want without having to type in a password. If after a couple of minutes it asks for a password, just click on “Go to inbox” again. That should give you another minute or two to do whatever you like.
There are a couple of legitimate reasons for doing this. For example, you forgot your email password and don’t know the security question. Well, you could just use an app like this to recover your application-specific password and then log in using Google Notifier. Then all you would have to do is change the security question (you don’t need a password) and voila, you can recover your account by answering your new security question.
It is scary that it is that simple. Anyone could do it! If ANYONE got ahold of your computer they could gain access to your Google account and get access to everything (bank account, PayPal, Facebook, etc.), and you wouldn’t even know it… until it was too late!
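The flaw above comes down to credential scope: a session started from an application-specific password is treated like a full 2-step login. The following model of that check is an added example, not code from this post or from Google; the names `Session`, `authorize_flawed`, `authorize_scoped`, the action names and the 120-second window are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical action names and window for this model; not Google's API.
MAIL_ACTIONS = {"read_mail", "send_mail"}
SENSITIVE_ACTIONS = {"change_security_question", "change_password",
                     "disable_2sv", "create_app_password"}
REAUTH_WINDOW_S = 120  # assumed "minute or two" before a password prompt

@dataclass(frozen=True)
class Session:
    user: str
    credential: str   # "password+2sv" or "app_password"
    auth_age_s: int   # seconds since this session last authenticated

def authorize_flawed(s: Session, action: str) -> bool:
    """Behaviour the post describes: a fresh session from any credential
    may change account settings."""
    if action in MAIL_ACTIONS:
        return True
    return action in SENSITIVE_ACTIONS and s.auth_age_s <= REAUTH_WINDOW_S

def authorize_scoped(s: Session, action: str) -> bool:
    """Corrected policy: the credential type bounds the session's rights."""
    if action in MAIL_ACTIONS:
        return True
    if action in SENSITIVE_ACTIONS:
        # Account changes need a recent full login with the second factor.
        return (s.credential == "password+2sv"
                and s.auth_age_s <= REAUTH_WINDOW_S)
    return False  # default deny for anything unlisted

def bypasses(authorize, sessions):
    """Sensitive actions that an app-password session is allowed to perform."""
    return sorted({a for s in sessions if s.credential == "app_password"
                   for a in SENSITIVE_ACTIONS if authorize(s, a)})

# Constructed sample sessions.
SESSIONS = [Session("alice", "password+2sv", 30),
            Session("alice", "app_password", 30)]

if __name__ == "__main__":
    print("flawed policy allows:", bypasses(authorize_flawed, SESSIONS))
    print("scoped policy allows:", bypasses(authorize_scoped, SESSIONS))
```

Under the scoped policy the application-specific password still works for mail clients, but every account-level change falls back to a full login.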
Great post. I used to be checking constantly this weblog and I’m inspired! Very helpful info specifically the final part 🙂 I take care of such information a lot. I used to be seeking this certain info for a very lengthy time. Thanks and good luck.
Thanks! I’m glad you enjoy my site!
Wow, awesome blog layout! How long have you been blogging for? you make blogging look easy. The whole look of your site is magnificent, as well as the content & material!
I’ll right away snatch your rss as I can not to find your e-mail subscription hyperlink or newsletter service. Do you have any? Kindly permit me realize in order that I may subscribe. Thanks.
I do have an email subscription link. It is on the side of my blog. Right above the RSS subscription.
hello there and thank you to your information ? I have definitely picked up something new from proper here. I did on the other hand experience several technical issues the usage of this site, since I skilled to reload the web site lots of instances prior to I may get it to load properly. I have been pondering in case your hosting is OK? Now not that I’m complaining, however sluggish loading circumstances times will often have an effect on your placement in google and can harm your high quality rating if ads and marketing with Adwords. Well I’m adding this RSS to my e-mail and can look out for a lot extra of your respective exciting content. Ensure that you update this again soon..
I am using wordpress.com. I am not going to put ads on my site right now. Maybe later (when I have a domain name).
nice post
My account is hacked and I don’t know how to get it back.
My laptop was robbed and now 2-step verification is turned on on my Gmail account.
I filled in the form for recovery; they sent me a reply saying use
backup code or phone verification
which wasn’t set by me.
So I filed the same recovery form again and asked for assistance but haven’t heard from them in the last 24 hrs.
They also sent another email before I filed the recovery form the second time, saying congratulations, it looks like you are able to access your account (which isn’t me); it’s probably because the person is using my computer and the history/cookies saved are helping him to verify him as me.
Please any help would be much appreciated in this regard.
Sorry it took me so long to reply. I get a LOT of spam comments and I don’t see real comments…
Anyway. Which form did you fill out? If you haven’t done so already, go to the login page, click on “Forgot password”, click on “I don’t know my password”. Then click on “I didn’t enable 2 step verification.” I’m sure Google will eventually get back to you.
Because it took me this long though, I would assume you already have gotten it fixed or gotten a new account.
Sorry this happened! And Thanks for reading,
–Michael
My gmail account got hacked in september month. Later with google support i retrieved it.
I have set my 2-step verification code.
Again my gmail account got hacked.
I never open my gmail other than my office personal laptop or on my phone.
How is it possible?
Is hacking 2-step verification system that much easy?
No, it’s not THAT easy… Make sure you don’t have a virus on your computer that is sending your login details to a hacker. If you don’t know how to remove viruses, I’m sure you know someone who is tech-savvy… just ask them to help, I’m sure they would love to.
I would….but I don’t live anywhere near you so it would be hard 😛
Please, I have misplaced my phone and forgot my password recovery information on my Gmail account. I have my password and user name but can’t get access to my account, since my phone is no longer with me to get the password verification code and log in. Is there any help to bypass this step to get access to my account?
@love facing the same problem if u find any way just share the same with me
Look at the answer I just gave Love. Hope it helps! Let me know if you get it recovered 🙂
Read the bottom of this page; Google tells you how to recover your account.
http://support.google.com/accounts/bin/answer.py?hl=en&answer=185834#ASPs
Also, if you have access to an application-specific password, you could follow the tutorial above. Apps that use an application password would be Outlook, calendar on your computer, mail on your phone, an application that uses your Google account, etc. If you used Outlook, you could recover the password with this software.
http://www.nirsoft.net/utils/mailpv.html
If you are on a Mac, go into your Keychain Access (do a Spotlight search) and find your application password that way, and then follow the tutorial above.
HOPE THIS HELPS!!!
Hi! I was just wondering, is there any way to bypass the TSV used by Dropbox? Someone stole my phone, and I don’t have the 16-digit backup code, so pretty much my account is locked. Thank you in advance!
Sorry, I don’t know much about Dropbox’s 2-step verification. But I would suggest you contact them; other than that, not much you can do but find your phone.
I will look into it though, no promises 🙂