

Ask HN: Should Google log password resets & failed login attempts? - dxjones

I was just surprised to receive an SMS text message "Your Google verification code is xxxxxx".<p>I didn't do a password reset, I don't use 2-step verification, and I can't figure out what triggered this SMS message.<p>The thing is, ... Google knows what triggered it, but they keep it a secret.<p>The desktop version of GMAIL allows you to view a log of "Last Activity" with details showing IP address and Date/Time, ... but these are for successful logins.<p>As far as I can tell, failed login attempts &#38; password resets are not shown.<p>A Google search for the phrase "Your Google verification code is" reveals many people asking why they are receiving these text messages.<p>If someone really is trying to get into your account, and if you use GMAIL for important stuff, like your startup company, what concrete steps can be taken to track down someone who is trying to hack into your account?  An IP address is all I would really expect, and surely Google has that information in a log file.  How can I get it?
======
BigNuts
None of them like to log. For example when you contact a company asking for it
they are reluctant to just hand it over without knowing why. You often have to
tell them that your password got out into the wild. They cant put the ips
because people would realise how many times their accounts get hacked and they
would run around the internet saying how insecure it is.

------
rxoo2
They do log password resets. Change your password and try using the old
password soon after. You will notice that it might say "This is an old
password that was changed 1 day ago" or something to that extent.

------
27182818284
Is this not the same as the monthly activity report?

------
cynwoody
That is an excellent idea.

