How can Google know that a Microsoft e-mail account is "not safe"?

Information Security Asked by Gsnail on December 29, 2020

Recently, I was forced to log in to my Gmail account with a browser to keep using it.

Then, Gmail noted that the "alternate e-mail address", my 1999 Hotmail one, which I had long ago associated with my Gmail account (in 2004), has been "detected as not secure". I forget the exact phrasing. Something about it being detected as not secure.

I’m 100% sure that I have never used the password for that Hotmail account anywhere else, and that it has not leaked, and that the account was not compromised.

However, I was still locked out of it, since approx. 2014, when Microsoft started demanding that you enter a phone number to access the account, refusing to let me dismiss it. So I was (and remain) "essentially" locked out of it.

Is it possible that, somehow, Gmail could detect this from a third-party service? What else could they mean by "detected as not secure"? Some guesses:

  1. Maybe they have some means of checking the age of the account, and just assume that since it was registered in 1999, it must be abandoned?
  2. Maybe it’s listed in some kind of leak database, even though any password there would not be usable to log in since I never used the password elsewhere and have not been so careless as to leak it.
  3. They are just making random nonsense up because it’s a competitor’s address.

One Answer

Google is not going to reveal security algorithms to the public, so any guesses here are speculation.

My main guess is that Google sent 1 or more notifications to your alternate address, then decided it was abandoned because one or more of the following happened:

  • The notification was actionable, but you ignored it. Possibly this could have been an e-mail asking you to reconfirm your account.
  • The notification was never opened (this is detectable, but not reliable).
  • Microsoft rejected Google's notification e-mail. This could happen if the mailbox was full or if Microsoft blocked the account from receiving mail due to it being abandoned.

Answered by Brian on December 29, 2020
