19 Jul 2014

Google account password can be changed by anyone using your Android phone

As it is said, necessity is the mother of invention. In dire circumstances, even a feature which was provided to convenience the user could prove to be harmful for another. Recently, a reddit user has posted story of his son resetting the password of his Google account using his phone to buy an app from the Play store.

Caution:  This post is entirely for educational purpose and not to instigate anyone to follow the steps mentioned in this post. You would be entirely responsible for whatever loss may incur following the act.

For this little kid, the process of resetting the password was real easy. He didn’t had to enter even have to provide a single bit of account information to reset the password. Read the quoted post here.

Here are step by step process, how it was done, without having to enter any information about the account.
When you have set a password to make an in-app purchase, there will be a prompt to enter the Google password.

1. Google will ask to confirm password for a purchase.
2. Click “forgot password.”
Forgot password option
3. Click “I don’t know.”
4. It will lead to a page which will give you a verification code via phone or email
Verification code option

5. Click “a text message"
6. Open the text message and enter the verification code
7. Enter and confirm new Password.

And this will hence allow someone with access to my phone, but no knowledge about my Google account, to reset a new password for my Google account. I checked it out, and there it was... a simple and a convenient way for someone to reset the password. But thanks to this post, you are going to be aware of this now.

Keep your phone safe and its content, apps or games proctected from opening with some password or PIN to avoid misuse.


comments powered by Disqus