

Ask HN: Just received Google verification code on phone but I didn't ask for it - codegeek

Hi all
Just wondering if you have received this before. I just got a text message on my phone from a number 657-201-6208 saying "your google verification code is xxxxx". I am concerned if someone is trying to access my google/gmail ? trying to check with wife if she is the culprit but in the meanwhile, i just wanted to hear your views.
======
gregcohn
If you have this phone number set up with Google, and if you have 2-factor
auth set up, they will do this every time you login from a previous
unauthorized machine. Wherever they're trying to log in, there will be a gate
where they have to enter teh 6-digit PIN sent to your phone.

If you don't have 2-factor auth set up, I think they will still sometimes do
it with new machines or login attempts that may look suspicious (e.g. brute
force password attempts).

Thus, if google does have this number for you, it's very likely that someone
is trying to log into your account (it sounds like, possibly your wife). The
bad news is, they got your password entered correctly (or it was cached
somewhere). The good news is, it's very UN-likely that that person will be
able to get the PIN and proceed beyond the gate.

If google doesn't have this number for you, it's possible someone else
provided it to them, accidentally or otherwise.

If you don't have 2-factor auth set up, go here and do it.
<https://www.google.com/settings/u/1/security?hl=en>

~~~
codegeek
thx. i m resetting pwd anyway to be safe and will get on to 2 factor
authentication now. I was just lazy before.

~~~
gregcohn
good idea. it's kind of a pain in the ass (esp if you turn off or frequently
clear cookies like I do), but it seems ways more secure.

------
codexnight
Well, someone definitely knows your number and did this to have fun.Unless
someone has a masterplan to steal your phone also hehe.Or perhaps it is just
spam...

------
codegeek
I guess it is spam. Just found this:

<http://www.reversenumberdatabase.com/657-201-6xxx>

~~~
gregcohn
probably not actually SPAM - see my comment above.

