I recently discovered that someone logged into my Google account two days ago. I missed the email notification because I hadn't checked it. Here's what I've done so far: changed my password, removed all passkeys and recovery codes, generated new recovery codes, logged the suspicious device off, disabled passwordless login where possible, cleared my account history and saved passwords, and changed passwords for my other important accounts. I also have the option to lock the person out of their phone and reset it. Should I do that? Is there anything else I should consider? The device in question is a Samsung W22 5G and the activity occurred on March 22.
1 Answer
You did a great job handling the situation! It sounds like you panicked a bit, but you took the right steps. I recommend using a password manager from now on, like Bitwarden or something similar. They can help you manage your passwords and passkeys. Just be cautious about where you enter your credentials to avoid getting hacked again.
It might be too extreme to format their phone. Focus on securing your own account and keeping your data safe.
I switched to Proton Pass for better security. Do you think I should reset the other person’s phone?