Let me start by explaining this feature. If you have a Gmail account and you log in, there’s a link in the lower right corner that either reads “The latest activity was # minutes ago” or “Open in # of other places” followed by a Details link.
When you click the link, Gmail opens an Activity Information window which displays what the access type was, what the IP address was, and the date of the access. For instance, if I was logged into Gmail and opened the Activity Information window, I’d see that I’m accessing it from my IP address, which is somewhere in the United States.
This is really neat feature – one that can ultimately protect your Gmail account from hackers.
Become a Patron of Ask Leo! and go ad-free!
Where Gmail thinks you are
The Activity Information window has interesting data because when an account gets hacked or compromised, it’s usually happening from overseas. So this is a quick way to find out if your account has been accessed from someplace other than where you expect.
It’s one of the reasons why I really like the feature. When you’re traveling, it’s kind of fun to see where Gmail thinks you’ve been accessing it. And I know that if I ever see a location that I’ve never been to accessing my Gmail account (say you’re in Seattle and all of the sudden there’s a login from Miami or you’re in the U.S. and there’s a login from China or Nigeria), then I know that something is wrong and I need to take action.
About that “Open in other locations” message
From your question, you indicated that you’re using three methods to get email: Mailwasher, Thunderbird, and web access. I’m not familiar with the technical details of how Mailwasher accesses your mail, but you’ve listed at least two different locations.
Even if you’re accessing email from the same computer or your email apps are referencing the same IP address, they are technically two different locations. For instance, if you’re running Thunderbird on a computer and you’re running a web browser on the same computer to access the same email, those may appear as two different “locations.”
Multiple devices means multiple places
If you’re using different devices to access Gmail, you may also see more than one device listed. For me, at any point in time, my Gmail account could be open on my desktop PC, my laptop, a Mac, my Android-based phone, or my Amazon Kindle. Depending on my usage pattern and how long Google keeps track, it may look like Gmail is open from five different locations. Coincidentally, all have the same IP address here at my home.
If multiple device logins make you nervous and you close the other locations, all that really does is force the other locations to have to re-login. Now, if that other location is a person who does not have your permission to access the account and they don’t know your password, you just kicked them off, which is great.
On the other hand, if you have mobile devices like I do that are configured to automatically re-login, kicking them off this way doesn’t do anything. They will eventually reconnect and appear as another open location once again. So you have to determine if the convenience of automatic login is worth the damage to your account if your device fell into the wrong hands.
Personally, the sign out of other locations is kind of nice, but I almost never use it because whenever I look at the list, I only see IP addresses that I recognize – and I know that I’m going to be accessing that account on multiple devices.
And sometimes IP addresses that I don’t recognize can be benign. For instance, if I gave a third-party tool access to your account and the tool is accessing your account, I might see a login that I don’t recognize.
But if you aren’t using third-party tools and you see a login from another part of the world than you’re used to, then you need to act quickly.
When to take action
Obviously, you first need to change your Gmail account password. But that’s just the first step. If somebody’s accessing your account from another place on the planet, then they could sabotage your recovery information so you can’t re-access your email account.
So while you still have access, make sure that you change your password, your recovery information, and so forth. You might check out “Email hacked: 7 things you need to do now,” which is an article that I wrote which basically runs down the list of things that you need to do once your email account has been hacked to regain or retain access to that account.
So that’s what these little messages in Gmail mean. It’s actually a very cool feature and I wish other systems did this kind of thing. But you need to understand the information that the Activity Information window contains, so you don’t misinterpret it or feel more paranoia than is necessary.