| ▲ | pluc 4 days ago |
| Passwords don't matter if you have access to the inbox and 2fa codes, you can just reset passwords. |
|
| ▲ | ratorx 4 days ago | parent [-] |
| But if you get access to the inbox, then you have a compromised device or the password via some other means right? Inbox access is a fairly big compromise, even without the 2FA codes. |
| |
| ▲ | bdangubic 4 days ago | parent | next [-] | | Inbox is the biggest compromise of them all IMO. I realized this a decade ago and use a different email for every account that I have. None of them have anything to do with my name in any way, I use 4 random words to create new email for any new account that I need. Accidental takeover of any one account does not lead to total take over of my life :) | |
| ▲ | pluc 4 days ago | parent | prev [-] | | You're right, seems they already had his inbox credentials. | | |
| ▲ | cpncrunch 4 days ago | parent [-] | | No, it sounds like they got him to create backup codes, which (along with SMS 2FA code, which he also gave them), that is all they need to take over the gmail account. Job done. | | |
|
|
