About three or four days ago, I opened Mail.app (as you do) and one of my Google Mail accounts asked for the password. Unusual but not unheard of, I entered the password again – clicked ‘store this password in my keychain’ (*Keychain being Mac OS X’s method of handling passes and encryption keys for accessing secure sites) and horror of horrors GMail refused to comply.
Busy as I was at the time, I left it for a while and put it down to a glitch – but when I tried again the next day the same thing was happening. So I logged into Google Mail, clicked the ‘forgot my password’ box (which I find quite condescending because I hadn’t actually forgotten my password at all, Google had) went through the reset password procedure and hey presto, found myself able to use GMail again.
Ten minutes later, however, the same thing happened again. Could it be a glitch with Apple’s Mail.app, I wondered? So I opened GMail in a different browser (having at first used Safari) and found that the password I had chosen not 10 minutes earlier was no longer working.
So I reset the password again, this time choosing to use Steve Gibson’s https://www.grc.com/passwords.htm to generate 64 random characters – just to be on the safe side and rule out the lingering possibility that a prankster out there somewhere had figured out how to hack Google Mail and was specifically targeting little old me.
Forcing a 64 character randomly generated password open is unlikely to take even the most dedicated and gifted hacker a little under 10 millennia – so when the problem reoccurred yet again 10 minutes later I was happy the issue was something to do with Google and not an account compromise issue – but that isn’t any kind of comfort, because they are notoriously difficult to communicate with – even when, as in this case, I feel obliged to report to them what could be a serious flaw.
As I write I’ve generated countless 64 character random passwords and used them to successfully access my firstname.lastname@example.org e-mail – but ten minutes later they all stop working and I have to go through the reset procedure over again.
This is affecting both web page log-ins and POP access. I have flushed cache and cookies and tried using two separate machines, one running Linux the other Windows Vista.
So for now, dear readers (this especially goes for Lucy) please contact me on my other (private) email address – and be aware that if any of you who e-mail me regularly suddenly start getting odd mail from “me” it might in fact be from someone who is able to access my GMail without my consent.
I’ll keep you all posted on what GMail say when I eventually get a reply from them in their discussion forum on the subject, which you can read here…