Someone just made 3 attempts to reset my Google Password. The reset notice I received includes this statement …
… If you've received this mail in error, it's likely that another user entered
your email address by mistake while trying to reset a password. If you didn't
initiate the request, you don't need to take any further action and can safely
disregard this email….
A mistake. Suurre it’s a mistake.
I have a robust Google password, but the risk here is that someone has access to a secondary account that receives my Google password reset requests. Those have robust passwords too, but there are always weaknesses.
Just to be on the safe side I’ve reviewed my Google accounts password recovery options and they look good.
Brrr. I hate passwords. I’d have bet good money in 1996 that we’d have robust biometric authentication by now. I’d have lost every penny. A good lesson about predicting the future.
Update 11/18/09: Amit Agarwal was hacked around the same time I was attacked. It's not clear how they hacked in.