I Need Advice

[spacepir]

Jordan,

Someone recently tried to use an application to sign in to your Google Account - xxdarthdexterxx@gmail.com. We prevented the sign-in attempt in case this was a hijacker trying to access your account. Please review the details of the sign-in attempt:

Saturday, January 19, 2013 10:12:02 PM UTC
IP Address: 60.168.123.190
Location: Hefei, Anhui, China

If you do not recognize this sign-in attempt, someone else might be trying to access your account. You should sign in to your account and reset your password immediately. Find out how at http://support.google.com/accounts?p=reset_pw

If this was you, and you want to give this application access to your account, complete the troubleshooting steps listed at http://support.google.com/mail?p=client_login

Note: This email address cannot accept replies.

Sincerely,
The Google Accounts Team

I found this email when I woke up this morning, and I've changed my password. I'd like to know if you think it's secure enough changing your password to something hard to crack. I have no clue why someone would want into my email account, nor do I know how on Earth they got my password. I think I might've used the same one on a dodgy website.

I'm new to having my account attacked, and I'm completely clueless as to what to do. Help?

 

[essellar]

That ought to do it, although you should feel free to turn on the two-factor authentication option if it can work for you (you'll need a cell phone or mobile device). Two-factor is a pain in the butt, but the bad guys need your phone as well as your password to get in.

Google's pretty good for this sort of thing — if an authentication attempt is made from an unlikely physical location (somewhere you've never logged in from before or somewhere it's unlikely you would have had time to travel to since your last interaction with the site) then they'll block the attempt. If it really was you and you can't wait until you get to home base (which will be open to get this message to you) you can have the reset info sent to your phone (you do have the phone option enabled, right?) or to your recovery email address (the one they keep bugging you to verify every couple of months).

 

[ChatIndia]

you should include special characters and numbers in your password.

 

[Thomas014]

Password should be strong.. Should consists of digits, letters, special characters..

 

[essellar]

Length will do more than special characters, people, and unless you're using something like KeePass, the combination of adequate length and special characters is going to pretty much guarantee you'll lock yourself out of every account you have. A 20-character silly pass phrase you can easily remember has more entropy than a 10-character password you probably won't remember.