I have been looking in Google Reset Recovery Method for gmail for quite some time.
Before April 2017
Anyone could have reset gmail password using correct account creation date and month with a tolerance value of 4 months if you are initiating recovery process from a trusted home network which you have previously used to login in your account.
Home Network n IP thing can easily bypassed if you know your user IP and spoof your IP to 3 places of network address same as user using some kind of proxy server (not hard in some cases ) Also some neat trick would be like asking person to share Hotspot to access internet and then initiate a recovery for the same user.
How ever when google rollout its new UI and Security login update in april 2017.This thing gone.
Now Recovery mechanism dont rely on IP or Trusted Home network.
Now They Have tagged this with Account_Chooser and GAPS Cookie.
Now if You have these cookie of any user account no matter if he is signed out of his account
one can reset the password using above mentioned method.
I want to ask if there is anyone who used this or working on this method
Some Advice will here will be usefull and correct me if I’m wrong somewhere in this.