• WANTED: Happy members who like to discuss audio and other topics related to our interest. Desire to learn and share knowledge of science required. There are many reviews of audio hardware and expert members to help answer your questions. Click here to have your audio equipment measured for free!

How to "georestrict" a Google account?

MCH

Major Contributor
Joined
Apr 10, 2021
Messages
2,753
Likes
2,391
Hey guys,

This is a strange question for ASR, but i have been all the weekend trying to find out and ran our of resources, so I thought I would try my luck here as there are quite a few knowledgeable folks.

Since a couple of weeks, I am receiving verification codes to access my google account that I have not requested. It is becoming more and more frequent, as of now, I receive one or two every day. As you can imagine, it doesn’t feel very comfortable, even knowing they have not managed to get in. I have tried to contact google but after the usual questions it always ends up in “ask the community” in their forum, what I did, but nobody has answered.

I always receive the codes in the middle of the night, what tells me that most probably the request comes from oversees. I thought that I would like to restrict access based on location, what I understand is not a definitive solution but at least a little additional barrier.

And this is my question. Is there a way to activate some sort of “georestriction” in google accounts?

My research results are the following:

  1. Yes it is possible for corporate accounts (mine is not)
  2. There is not such setting in my google account settings that I could find
  3. Forum discussions about it that I could find are negative (not possible) but all are at least a few years old….

I know how to see the latest activity with geolocation, but I am afraid that if they manage to get in it will be too late + I don’t fancy having to check the recent activity of my account regularly from now on until… forever.
 

Dunring

Major Contributor
Forum Donor
Joined
Feb 7, 2021
Messages
1,404
Likes
1,523
Location
Florida
Are you using 2 factor authentication on the phone app that's getting these? Also did you do the security checkup to see if it's someone trying to login, or if it's a web site you authorized in the past that's setting the alerts off? It's true what you discovered already, only corporate accounts can limit geographic location. The 2 factor authentication, and silencing the notifications on the phone so they aren't chiming off too much is the practical way to sleep at night. I'd sign out of any web sites you've given access to the Google account just to see if that helps. For the free accounts they just don't give that kind of control though. I'd search for your email address in quotes to see if it's posted on some web site, or https://haveibeenpwned.com/ If it's posted somewhere, in Google search results, check the ... for more and you can easily request the site showing personal info to be taken off the index.
Short of that, you have to register a domain and host it at a place that has geolocation restrictions as part of their SMTP/Pop servers.
 
OP
M

MCH

Major Contributor
Joined
Apr 10, 2021
Messages
2,753
Likes
2,391
Are you using 2 factor authentication on the phone app that's getting these? Also did you do the security checkup to see if it's someone trying to login, or if it's a web site you authorized in the past that's setting the alerts off? It's true what you discovered already, only corporate accounts can limit geographic location. The 2 factor authentication, and silencing the notifications on the phone so they aren't chiming off too much is the practical way to sleep at night. I'd sign out of any web sites you've given access to the Google account just to see if that helps. For the free accounts they just don't give that kind of control though. I'd search for your email address in quotes to see if it's posted on some web site, or https://haveibeenpwned.com/ If it's posted somewhere, in Google search results, check the ... for more and you can easily request the site showing personal info to be taken off the index.
Short of that, you have to register a domain and host it at a place that has geolocation restrictions as part of their SMTP/Pop servers.
Hi Dunning, thank you for the confirmation that only corporate accounts have access to geographic restrictions, I don't need to waste more time looking for it.
Yes, I do have 2 factor authentication and I have checked the last activity log. However, it only shows IP and location of the successful log ins, not the attempted ones. (positive outcome of all this: I learned new things).
I don't think I ever gave any app or website permission to log in my Google account, but good point, I will definitely investigate that.
Another thing I learned, is that there is a tool in the account settings to check if your email address is in the dark web. But seems mine is clean.
Well, I guess I will have to live with the fact I have someone stalking my account, a bit of a deception not to be able to set some extra restrictions, but well, it is a free account after all...
 

Blumlein 88

Grand Contributor
Forum Donor
Joined
Feb 23, 2016
Messages
21,254
Likes
38,658
My mail account shows being in the ATT data breach. Which is odd as I've no connection or business done with ATT in more than 15 years.

This will let you see if your address was part of the ATT breach and other places as well. I could tell from mine that indeed it was in the ATT breach that it was leaked and from other info that yes it goes back to a time previous to 15 years ago. Thanks AT&T you are the quality company I knew you were.

 
Last edited:

antcollinet

Master Contributor
Forum Donor
Joined
Sep 4, 2021
Messages
8,154
Likes
13,855
Location
UK/Cheshire
Hey guys,

This is a strange question for ASR, but i have been all the weekend trying to find out and ran our of resources, so I thought I would try my luck here as there are quite a few knowledgeable folks.

Since a couple of weeks, I am receiving verification codes to access my google account that I have not requested. It is becoming more and more frequent, as of now, I receive one or two every day. As you can imagine, it doesn’t feel very comfortable, even knowing they have not managed to get in. I have tried to contact google but after the usual questions it always ends up in “ask the community” in their forum, what I did, but nobody has answered.

I always receive the codes in the middle of the night, what tells me that most probably the request comes from oversees. I thought that I would like to restrict access based on location, what I understand is not a definitive solution but at least a little additional barrier.

And this is my question. Is there a way to activate some sort of “georestriction” in google accounts?

My research results are the following:

  1. Yes it is possible for corporate accounts (mine is not)
  2. There is not such setting in my google account settings that I could find
  3. Forum discussions about it that I could find are negative (not possible) but all are at least a few years old….

I know how to see the latest activity with geolocation, but I am afraid that if they manage to get in it will be too late + I don’t fancy having to check the recent activity of my account regularly from now on until… forever.
Have you changed your password? As far as I know, you shouldn't get verification codes unless they have already entered the correct password. If you haven't, change it now.

Have you also checked they are being sent by google?
 
OP
M

MCH

Major Contributor
Joined
Apr 10, 2021
Messages
2,753
Likes
2,391
Have you changed your password? As far as I know, you shouldn't get verification codes unless they have already entered the correct password. If you haven't, change it now.

Have you also checked they are being sent by google?
Yes I did.
Not sure though that they need to know my password to make Google send a verification code. I believe they also send it when you go through the "forgotten password" process, as you might still be logged in in other device. I am not 100% sure though. In fact, this is also what the email from Google suggests: "someone might have typed your email address by mistake". But 20 times in two weeks? I don't think so.
The email is identical to other legit code emails that I have received. And it doesn't ask you to do anything, but it is true it contains a link.... It doesn't ask you to click but maybe the scammer expects that you end up clicking.... good catch, thanks.
Screenshot_20240429-152841.png

Holly crap! Now I see it is my Microsoft account, not my Google one :facepalm::facepalm::facepalm:
Not that it is less concerning but have been looking for the wrong thing. Sorry guys.

Wtf, Microsoft does provide more data, and indeed I have plenty of login attempts, from Russia, Philippines, Germany.... But seems that Microsoft allows geographic restrictions. Good!
 
Last edited:
Top Bottom