Skip to main content

Why Can't Blogger Just Tell Me The Email Address?

We see the pain, in Blogger Help Forum: Something Is Broken, of blog owners who do not understand the need for keeping the name of their Blogger account a secret.
I forgot the email address that I was using. Why can't Blogger just tell me the address??
and some ask
How did this unknown person "xxxxx xxxxx" get control of my blog?
Years ago, the local police would have to convince home owners
Please, stop leaving a spare key under a rock, near the door!
Both many blog owners (today) - like some home owners (years ago) - had the same basic problem - naivete.

Like the home owners of years ago, who kept a spare key under a rock near the front door, for emergencies, blog owners will use tricks to remember their password.

Don't - please don't - use a guessable password!

One favourite technique, for remembering the password, is so obvious.

Pick a password based upon something that you can remember.

For a blog owner who is married, the answer is obvious.

What is my spouse's name?

and there's your password. If you forget that, you have worse problems, that cannot be addressed here.

If the name of one's spouse was a secret, using the name would not be a problem. But knowing that many blogs either contain the name (and picture, maybe) of the whole family - or lead to a Profile page or website (FaceBook, Instagram, Twitter, ...) with similarly useful information - how secret is the password going to be?

Hackers love blogs with guessable passwords.

Knowing both the Blogger account name (email address) that owns any blog of interest, and the URL of the blog, any hacker has a simple enough task.

  1. Scrape blog content, into a text analyzer.
  2. Extract a few hundred details (spouse's name, and others) from the blog content, as analysed.
  3. Run the known details through a password generation program.
  4. Now, the hacker has a database, containing "10,000 good possible passwords", specifically relevant to this blog.
  5. Go to "www.blogger.com", plug in the account name, and try out the 10,000 passwords, one by one.
  6. That's a simple brute force password attack.
  7. Sit back, and watch any botnet, controlled by the hacker, go to work.
  8. Given enough time, the hacker very likely gets access to the Blogger account, and to the blogs owned by the account.
  9. Note that steps 1 - 8, for any experienced hacker, will be summed into one step.
    Plug in the URL of the blog.
    Everything else is just more coding - and a nice robust botnet or two.

Besides using a "strong" password (which carries it's own risks such as forgetting the password - and now we're here, again), the best way to prevent a brute force attack is by preventing step 5.

Keep the account name / email address a secret.

Additionally, if you have a blog and a business - or otherwise exchange email with strangers, separate your Blogger / Google account and your email account. Use two separate email addresses, for Blogger and email.

Learn to appreciate efforts made, by Google, keeping your account and blogs safe.

If you need to recover access to your Blogger account, don't expect to use the Blogger "Forgot?" wizard, plug in your blog URL, and get a reply

Email was sent to your address xxxxxxx@yyyyy.zzz

And, if you post in the forum.

Please email me advice, to "xxxxxxx@yyyyy.zzz"!

expect to get a stern warning

Please, do not post Blogger account names, or email addresses, in the forum.

People objecting to the recent Blogger policy of masking email addresses, in Blogger commenting and similar services, as "no-reply @ blogger . com", may also need to consider this very real issue. Possibly, even use Google+, instead of Blogger commenting, for networking with ones peers.

Google tries to identify brute force attacks, and takes action when possible.

And, if your Blogger / GMail / Google account is disabled - and you get a mysterious notice about

Suspicious / Unusual activity on your account

this could well be the other side of a brute force attack against your account, intercepted by Google.

Don't be offended by the various precautions.


If you find the precautions and problems to be unacceptable, consider using Google 2-step verification, to protect your account against brute force hacking.

This is not fiction here - it's all very real.

None of this is fiction or paranoia - it's based on some very real, recent events, and even involves a recent National Scandal - and leads to some very real conundrums.

Similarly, we have a very distasteful answer, to a seemingly worthy need. And another apparently "ceremonial" but necessary answer, to somebody in need of understanding and support, that can't be provided.

You have to make the effort, to maintain and protect your blog.

You will get no sympathy, when you complain how unsupportive Blogger is.

You have to make some effort - and remember some basic information - if you are going to maintain a Blogger blog. And, encourage your friends to keep their accounts and blogs safe.

Comments

homebiss said…
Chuck,

Thanks for the tips. Appreciate it. :)
Bian said…
Thanks for the tips. :)
raincrow said…
Great explanation! I will be more careful next time.

Popular posts from this blog

Custom Domain Migration - Managing The Traffic

Your blog depends upon traffic for its success.

Anything that affects the traffic to your blog, such as any change in the URL, affects the success of your blog. Publishing the blog to a custom domain, like renaming the blog, will affect traffic to your blog. The effects of the change will vary from blog to blog, because of the different traffic to every different blog.Followers. People who find your blog because of recommendations by other people.Search engines. Robotic processes which methodically surf your blog, and provide dynamic indexing to people who search for information.Subscribers. People who read your content from their newsfeed reader, such as the dashboard Reading List.Viewers. People who read your content from their browser.No two blogs are the same - and no two blogs will have the same combinations of traffic sources.

Stats Components Are Significant, In Their Own Context

One popular Stats related accessory, which displays pageview information to the public, is the "Popular Posts" gadget.

Popular Posts identifies from 1 to 10 of the most popular posts in the blog, by comparing Stats pageview counts. Optional parts of the display of each post are a snippet of text, and an ever popular thumbnail photo.

Like many Stats features, blog owners have found imaginative uses for "Popular Posts" - and overlook the limitations of the gadget. Both the dynamic nature of Stats, and the timing of the various pageview count recalculations, create confusion, when Popular Posts is examined.