by davidmitchell2 1508 days ago
> presumed that the security message was because of new IP addresses that must have been assigned. While I was initially able to log in to my accounts after replacing both the routers, o

1. Verify if your router or router software that you installed on your PC is doing something fishy.

2. As long as you have a browser window with cookies - even a new IP address should NOT matter. It should allow you. I am almost always working in cafes with different IPs - it just works.

3. Please please verify your recovery email ID. Sometimes I have made the mistake of typing first.last@ instead of without dots. Send an email to your recovery ID to test.

Please get a 2FA U2F token.

3 comments

Installing any software for using a router on your PC already sounds fishy to me. Routers should not require any software being put on a PC.

I should have been more clear. I flashed Merlin firmware on the new router. Not on my laptop.

Many providers do it... sadly

I have never had one actually require it. Often the installers will claim that, but back in the day I would just say "sure, here is my Linux machine, have fun installing your Windows software on it" and magically they did not need to install anything any more...

But as one can imagine people (99% are on Windows) do it in haste...

1. My new Asus RT AX86U had Merlin installed on it. I disconnected this router after I started getting security alerts and switched to using the router provided by my Service provider.

2. I use Firefox with a cookie cleaner add-on that clears cookies the second I close the tab.

3. I have a paper copy of the account details and I am 100% sure of my recovery email. I got a YubiKey recently and plan to use that and authenticators on all my accounts.

2. Instead of that, use separate Firefox profiles - one exclusively for Gmail. Another for casual browsing. If you clear cookies all the time then it seems like you are logging in so many times per day. This could be a warning sign of a hacked account - for Google (i.e., do not do unusual things).

3. At the end U2F is the proper solution, albeit late!

Good point @davidmitchell2. I will do that.

I therefore have one for Facebook, Slack and so on (i.e., for every major company) when I log in. Then one is for just browsing.

Google, Microsoft, and Apple all use previously authenticated IPs as a signal for their account recovery processes.