Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Should I Be Worried about the “Open in Other Locations” Message from Gmail?

Question: When I go to my Gmail account, mainly to clear out existing email, I always click on or open the Details link in the lower right. Sometimes, I see a “Sign out of other sessions” link so I can click on this to supposedly sign out any other session. So my question is: why do I see this and what “paranoid rating” (for lack of a better word) do I give this? I use basically three options for checking my email. One is using Mailwasher Pro, the second is using Thunderbird, and the third is using Firefox and going to Gmail.

Let me start by explaining this feature. If you have a Gmail account and you log in, there’s a link in the lower right corner that either reads “The latest activity was # minutes ago” or “Open in # of other places” followed by a Details link.

When you click the link, Gmail opens an Activity Information window which displays what the access type was, what the IP address was, and the date of the access. For instance, if I was logged into Gmail and opened the Activity Information window, I’d see that I’m accessing it from my IP address, which is somewhere in the United States.

This is really neat feature – one that can ultimately protect your Gmail account from hackers.

Become a Patron of Ask Leo! and go ad-free!

Where Gmail thinks you are

The Activity Information window has interesting data because when an account gets hacked or compromised, it’s usually happening from overseas. So this is a quick way to find out if your account has been accessed from someplace other than where you expect.

It’s one of the reasons why I really like the feature. When you’re traveling, it’s kind of fun to see where Gmail thinks you’ve been accessing it. And I know that if I ever see a location that I’ve never been to accessing my Gmail account (say you’re in Seattle and all of the sudden there’s a login from Miami or you’re in the U.S. and there’s a login from China or Nigeria), then I know that something is wrong and I need to take action.

Gmail open in other locations

About that “Open in other locations” message

From your question, you indicated that you’re using three methods to get email: Mailwasher, Thunderbird, and web access. I’m not familiar with the technical details of how Mailwasher accesses your mail, but you’ve listed at least two different locations.

Even if you’re accessing email from the same computer or your email apps are referencing the same IP address, they are technically two different locations. For instance, if you’re running Thunderbird on a computer and you’re running a web browser on the same computer to access the same email, those may appear as two different “locations.”

Multiple devices means multiple places

If you’re using different devices to access Gmail, you may also see more than one device listed. For me, at any point in time, my Gmail account could be open on my desktop PC, my laptop, a Mac, my Android-based phone, or my Amazon Kindle.  Depending on my usage pattern and how long Google keeps track, it may look like Gmail is open from five different locations. Coincidentally, all have the same IP address here at my home.

If multiple device logins make you nervous and you close the other locations, all that really does is force the other locations to have to re-login. Now, if that other location is a person who does not have your permission to access the account and they don’t know your password, you just kicked them off, which is great.

On the other hand, if you have mobile devices like I do that are configured to automatically re-login, kicking them off this way doesn’t do anything. They will eventually reconnect and appear as another open location once again. So you have to determine if the convenience of automatic login is worth the damage to your account if your device fell into the wrong hands.

Personally, the sign out of other locations is kind of nice, but I almost never use it because whenever I look at the list, I only see IP addresses that I recognize – and I know that I’m going to be accessing that account on multiple devices.

And sometimes IP addresses that I don’t recognize can be benign. For instance, if I gave a third-party tool access to your account and the tool is accessing your account, I might see a login that I don’t recognize.

But if you aren’t using third-party tools and you see a login from another part of the world than you’re used to, then you need to act quickly.

When to take action

Obviously, you first need to change your Gmail account password. But that’s just the first step. If somebody’s accessing your account from another place on the planet, then they could sabotage your recovery information so you can’t re-access your email account.

So while you still have access, make sure that you change your password, your recovery information, and so forth. You might check out “Email hacked: 7 things you need to do now,” which is an article that I wrote which basically runs down the list of things that you need to do once your email account has been hacked to regain or retain access to that account.

 

So that’s what these little messages in Gmail mean. It’s actually a very cool feature and I wish other systems did this kind of thing. But you need to understand the information that the Activity Information window contains, so you don’t misinterpret it or feel more paranoia than is necessary.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

20 comments on “Should I Be Worried about the “Open in Other Locations” Message from Gmail?”

  1. Getting this alert since morning whenever I try to go invisible on gmail chat – Oops! You are not invisible because you’re logged into Google Talk from another client, device, or location that doesn’t support invisibility.

    Logged out of all google products on my laptop and phone and changed password 3x but I’m still getting that prompt. What can I do abt this?

    Reply
  2. Very often my gmail shows that its signed in another location/session but it always shows the same ip address as mine. I don’t have any other devices connected to gmail, I changed the password and have 2 step verification but it still shows another session half of the time I log in, could someone be hijacking my session? or some other reason? I always clear my cookies and gmail never shows that anyone has logged in at other times, only when I am logged in.

    Reply
    • Unlikely. It’s more likely that you have another device (smart phone, tablet) or another PC, or perhaps even another window in the same PC that counts as “another location”. I see it all the time.

      Reply
  3. There are no other computers, smartphones or tablets on my internal network and neither is gmail open in another browser or browser tab but most of the time I see a new session appear with the same ip address. I have a new install of windows 8 and kaspersky endpoint security 10. I checked tcp view at the time I see the new gmail session open but cannot see any connections to my pc other than firefox.exe and avp.exe which is part of kaspersky.

    Reply
  4. I have the same problems , not always .

    Sometimes I log in and I check and I can see the alert that my gmail account is open in another location , same ip , but I have only one computer .
    And I never open gmail in two browser tab .
    I have a laptop and I dont have this problem in others networks .
    I

    Reply
    • I’v exactly the same problem, but after visiting this site and reading all the posts and comments, I am now somewhat less worry about it – it might after all be one of those benign, yet scary, things that we have to live with, until some Google guys somehow sort it out.

      Reply
  5. I, too, have same problem with Google Apps for Domain – Gmail. I actually have 2 Google Apps accounts. One account NEVER has the “concurrent session” problem, the other account has it. In fact, the account that has this problem, several years ago I actually deleted the entire account, re-signed-up for it (while they were still free), and that fixed the problem for several years — until recently the concurrent session problem started again.

    I am a computer expert with 30+ years of experience. I can assure you (and google) that no other devices, PC’s, browsers, browser windows, apps, etc… have ANY access or have opened a Gmail session. This is 100% a google problem, and I know that because when I had the problem years ago, deleting the entire account, then re-opening it thereafter, solved the problem. NOTHING on my end changed — I never even changed the password (I had previously tried that, but after quickly knowing that was not relevant, I never changed it again, and when I re-signed up, I used the same password again).

    Honestly, little things like this show that Google has more quality issues than people think.

    If anyone here has access to a troll at google, please ask them to look into this. Pathetic that they either do not know this problem exists, or have no motivation/ability to fix it.

    Reply
  6. Hi im Yewson from Malaysia.. my gmail account been use by someone. The person change my password and everything till I cannot sign in my google account and cannot link to my playstore android phone..I think is scammer done it.. the scammer stole my clash of clans account and join other clans call viva persion.. my clash of clan games got link to facebook . That’s why I know my account been use by someone.. I have try to report to google n do some recover form.. but seem like not work at all..can anyone help me please? The person change my detail as his detail.. cause it located in iran and im from malaysia..

    Reply
  7. is it possible for gmail to post an inaccurate access type for gmail and ip address? For instance, most of my ip address stem out of the same places, one being bahrain and the other being guam. i noticed that for access type however, it has “browser” without the description of the browser such as “safari” or “firefox” for two entries, one being guam and one japan. what would be the reason for a japan ip address? could this be a mistake?

    Reply
  8. Hi, How can I check IP address of the device I’m still logged on (gmail) but I don’t have this device with me any more (it was stolen).

    Reply
  9. Dear Satish,
    I ‘m Hoang, in VietNam, at present I also have this matter, such as my account is active in another location, I’m have limit knowleadge in IT so i can not solve it
    Can you please advise the details information so that I can follow
    Which program that we can stop the hacker

    many thanks for your help

    Reply
  10. Dear Mr. leo,

    I try to check the other account gmail, which did not use for three years ago, I just log in in one computer but when I change the account password, it also present the information in the right bottom such as my account is active in another location

    How can we solve, maybe this is the hole of gmail?

    Looking forward to receiving your instruction

    Many thanks

    Reply
  11. Kindergarten answer for idiots. I access GMAIL only from the same Chrome OS with 2 factors authentication and from time to time people get in. Every time I download a file somebody gets in (regardless if I open it or not). Java, pictures, flash etc are disabled too. Your excuse for Google is hogwash. I want to see electronic signatures traceable to Google in ALL their answers so they can be held accountable. It is becoming a mediocre company that cares more about PR than quality. I had this problem with Google several times WITH ALL THEIR SERVICES. I cut them out of all activity but GMAIL.

    Reply
    • What do you mean by “getting in”?

      My experience is that lots of times we misinterpret what is happening. To me “Getting in” would mean a full hack of your Gmail account.

      Reply
  12. If you use a wireless router, modem, gateway, or other network device, check the device’s settings. Remote management should be turned OFF. Firewall should be set to HIGH. UPnP should be OFF. Do not use the default passwords, even if they are random. Hackers can reverse engineer the formula that is used to generate the factory passwords. Firmware should be up-to-date. If the manufacturer do longer releases firmware updates, it might be a good idea to replace the device. Check the network device’s DNS settings. If there are IP addresses for the primary and secondary, your network traffic might be routed through an attackers server.

    Install Kaspersky IoT scanner on your smartphone to check for network security flaws.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.