Background:
I was (for the first time) setting up a remote connection from home to my office:
- Install OpenVPN client, install certificate (.ovpn file) in it, start connection
- Start Windows 10 Remote Desktop and try to login to my work PC
- This failed, Windows 10 on the work side complains that I have to log in through Windows Hello or with a smart card.
That may indeed be something to configure there. The smart card was plugged in at home, OpenVPN requires it.
The key point here is that I did NOT log in to my work PC. That work PC was running, locked and had no programs running (other than some background processes). - At home, my Win 10 machine was running FireFox with Lastpass active.
Issue:
8 minutes later, I get two Google security alerts for failed login attempts: one from a dormant Google account that I have not used in ages, and one from an alias for my mother in my main Google account (different password).
The IP address for those two attempts is my work public IP address.
This really baffles me. Does software on the work computer know anything about these Gmail accounts and make a login attempt? Maybe in the distant past have I used those Google accounts from work, but I don't remember.
The only 'suspect' I can think of is LastPass, which stores these accounts.
But my FireFox at work was NOT running when I left Friday, and I'm never automatically logged into LastPass at work anyway.
Any suggestions as to what I can investigate?
Security at work is pretty tight, a compromise somewhere seems unlikely (and the issue is too coincidental).