Hi There,
I have been looking into the Google Reset Recovery Method for Gmail for quite some time.
Before April 2017
Anyone could have reset a Gmail password using the correct account creation date and month, with a tolerance value of 4 months, if you were initiating the recovery process from a trusted home network which you had previously used to log in to your account.
The home network and IP thing can easily be bypassed if you know your user's IP and spoof your IP to 3 places of the network address, same as the user, using some kind of proxy server (not hard in some cases). Also, a neat trick would be asking the person to share a hotspot to access the internet and then initiating a recovery for the same user.
However, when Google rolled out its new UI and security login update in April 2017, this thing was gone.
Now the recovery mechanism doesn't rely on IP or trusted home network.
Now they have tagged this with the Account_Chooser and GAPS cookies.
Now if you have these cookies of any user account, no matter if he is signed out of his account, one can reset the password using the above-mentioned method.
I want to ask if there is anyone who has used this or is working on this method.
Some advice here will be useful, and correct me if I'm wrong somewhere in this.
Funny thing, I already tried to reset my Google password more than once, and always failed at that question. How should I remember when I created my account?
Generally speaking, one has to be a very creative social engineer to wrap this question in a plausible context. Would love to hear about some ideas.
Yes, there is a 4-attempt limit; after that it blocks the attempt and you can only try after some time,
but as I said there is around a 4-month tolerance limit, so in 4 attempts you can cover up to a 2-year gap,
because if the user is signed out of Gmail then there is no use of login_cookies, but the account_chooser cookie will still be there.
There is no Google write-up on this anywhere. I have researched this many times; thought if anyone came across the same it would be a good point of discussion.