- Detecting suspicious account activity (March 24, 2010) by Pavni Diwanji, Engineering Director
- Remote sign out and info to help you protect your Gmail account (July 07, 2008) by Erwin D'Souza, Gmail Engineer
The posts elaborates on the measures that Gmail has introduced, with the lastest (i.e. Mar 2010) being an audit trial of when and where your account was accessed, as well as an automated checking/ warning feature.
Both features are useful, particularly for those who access Gmail from shared computers and/ or public terminals.
HOW MOST EMAIL ACCOUNTS MAY HAVED BEEN "HACKED"
In most cases, I suspect most email accounts get "hacked" not from deliberate attempts to crack into individuals' account, but from the carelessness/ lack of knowledge by the owners when they use a shared computer -- in school, cybercafe, a friend who also has many other friends using the terminal. Like this:
- You go to your email sign-in page, checked the "Stay Signed-In" option before you log into Gmail.
- You log into your email account, do what you have to do, and then close the browser. But you didn't sign out from your account.
- You leave the computer.
- A stranger pops by and uses the same computer. Goes to the same email sign-in page.
- If you have checked the "Stay signed-in" option and you didn't sign out, then your email account opens up right away. Because the computer was told to stay signed-in. already signedinthe computer doesn't know or care who is accessing the information.
No security feature is foolproof. It's just a matter of reducing the chances of the user making a mistake, or giving potential malicious hackers a harder time.
A feature like auto sign-out would help reduce the chances of someone stumbling onto your account, if you didn't log out. But potentially, if someone plonks right onto your vacated computer mere seconds after you leave, the auto sign-out feature may not have kicked in.
And the alerts are merely that -- an alert, as mentioned in the Gmail blog post:
"Keep in mind that these notifications are meant to alert you of suspicious activity but are not a replacement for account security best practices. "[The same blog post has links to online security tips and best-practices]
Personally, I try to follow these practices if I use any computer that isn't my own:
- Avoid using shared terminals if I can wait. And in most cases, things can wait. I'd rather not check my emails or access my Twitter or Facebook account, if I have to use a shared terminal. I'd rather get home to access my accounts if I can wait).
- Empty the browser cache/ history/ Saved Passwords before shutting down/ leaving the computer (although this becomes a problem when I use a computer in a foreign country, and where the native language isn't English).
- Always Remember Rule #1.
CYBER-SAFETY, DIGITAL LITERACY & ROLE OF PUBLIC LIBRARIES
I definitely think Cybersafety should be part of a Digital Literacy curriculum. And that public libraries (hence, public librarians) are well placed to be those that help deliver Cybersafety and Digital Literacy awareness -- either by inviting outside speakers or developing our own credibility/ expertise to conduct such sessions.
For every child and adult who've been exposed to cybersafety talks (e.g. schools, computer classes for seniors), I'm sure there are still many who have not. The topic is also quite broad, so chances are not everything can be covered.
Plus, people forget. Or they don't instantly make the connection with what they have been warned earlier.
Such cybersafety talks don't have to be be long drawn sessions. I imagine them as 10-minute teasers. Or just short on-the-spot presentations (to target the incidental library visitor), like how some retail outlets employ retail assistants to conduct quick demos.
It just so happens that the product the librarian is trying to "sell" is Cybersafety and Digital Literacy.