But if you are someone who keeps cracking into Gmail accounts, you will just work around it (the easiest way, I assume, will be disabling JavaScript?). If you go further, you can just firewall everything except Gmail, or use a proxy to remove this protection on the fly.
Even though this will provide some benefit against a serial cracker, this will be useless in the end.
You are right, this will work only if the gadget is enabled. It's a protection against simple password attacks. If Google makes this a "privileged" app (like chat, etc.) such that this always runs, it would be better.
A simpler way to work around this is to switch to Gadget mode. This certainly is a limitation. Any ideas to overcome this?
Hence, if there is a way to ensure that the gadget always runs before gmail loads, this would become 100% secure.
This is definitely not a "total" solution, as the gadget can be disabled. Things like Basic mode won't have the gadget, and the serial cracker can get into that. Any ideas on how to prevent that?
There is a well-known old honeypot trick: using web bugs in a juicy mail stored in Gmail. This e-mail can be stored with a label such as "passwords". When the attacker looks at it, it will load a remote image, and now you know someone from an IP address has just seen your e-mail.
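The monitoring side of the web-bug honeypot described in the comment above, as an added example that is not part of the original thread: it scans web server access-log lines for fetches of the canary image and reports who loaded it. The canary path, the combined log format and the sample lines are constructed assumptions; fetches made through Gmail's image proxy are flagged, because the address logged then belongs to the proxy and not to the viewer.

```python
import re
from typing import NamedTuple

# Hypothetical unique path of the web bug embedded in the bait e-mail (constructed).
CANARY_PATH = "/img/7f3c9a-passwords.gif"

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "ua"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

class Hit(NamedTuple):
    ip: str
    time: str
    proxied: bool  # True when the image was fetched by a mail image proxy

def canary_hits(log_lines, canary_path=CANARY_PATH):
    """Return one Hit per request for the canary image; skip everything else."""
    hits = []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-matching line: ignore rather than crash
        # Compare the path without its query string so cache-busters still match.
        if m.group("path").split("?", 1)[0] != canary_path:
            continue
        # Gmail's image proxy identifies itself in the User-Agent header.
        proxied = "GoogleImageProxy" in m.group("ua")
        hits.append(Hit(m.group("ip"), m.group("time"), proxied))
    return hits

# Constructed sample log lines (documentation-range IP addresses).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2024:10:14:55 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.45 - - [12/Mar/2024:10:15:02 +0000] "GET /img/7f3c9a-passwords.gif HTTP/1.1" 200 43 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    'not a log line',
    '192.0.2.10 - - [12/Mar/2024:11:02:40 +0000] "GET /img/7f3c9a-passwords.gif?x=1 HTTP/1.1" 200 43 "-" "Mozilla/5.0 (via ggpht.com GoogleImageProxy)"',
]

if __name__ == "__main__":
    for hit in canary_hits(SAMPLE_LOG):
        note = "image proxy, IP is not the viewer's" if hit.proxied else "direct fetch"
        print(f"canary opened at {hit.time} from {hit.ip} ({note})")
```

A proxied hit still tells you the bait message was opened and when, which is the signal the honeypot exists to produce.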