The Magnet #65: Happiness Is a Warm Hardware Security Key
What I did after Google sent me an alarming warning about government-backed attackers
A few weeks ago, a pop-up message appeared on my computer while I was using Gmail. It said: “Warning — Google may have detected government-backed attackers trying to steal your password.” It had a red button that said, “Secure my Account.”
“Government-backed attackers” sounded ominous and chilling. I already was using 2-factor authentication. Wasn’t that good enough? I went to my Chrome settings and saw a more detailed warning:
It said:
Government-backed attackers may be trying to steal your password
There's a chance this is a false alarm, but we believe we detected government-backed attackers trying to steal your password. This happens to less than 0.1% of all Gmail users. We can't reveal what tipped us off because the attackers will take note and change their tactics, but if they are successful at some point they could access your data or take other actions using your account. To further improve your security, based on your current settings we recommend:
Join the Advanced Protection Program
Google's strongest protection for users at risk of targeted attacks.
The part that said, “This happens to less than 0.1% of all Gmail users,” alarmed me. My Gmail account goes back many years, and if someone successfully hacked it, they could get private information about me and the thousands of people I’ve emailed over the years.