by perl4ever 2480 days ago
The interesting thing about Gmail for me is that I lost the ability to log in to my primary Gmail account quite some time ago (well over a year I think) and yet I still have a device that remains logged in and showing me new mail even though I don't have the password, can't send mail, and can't reset the password by any means.

I am beginning to think it is a notable security hole, as Gmail shouldn't, and surely does not in general, allow a session to last for years without timing out or requiring re-authentication.

1 comments

Are you sure the password isn't saved somewhere in the mail client on the device and sent up regularly?

Possibly, although it won't send. And, you know, Google is often pretty aggressive at locking devices out if it thinks they are insecure. This is a 1st gen Kindle Fire, and I'm pretty sure it is very obsolete and not getting updates for a while. So even if it is still trying to log in, that doesn't make it expected in my mind that it would continue to work.

If it were sending the password (out over WiFi to my tethered phone), is there a way for a bear of very little brain to MITM it?