Long story short: I have reason to believe that an unauthorized person has logged into my Gmail under my name and with my password (from some other location.) I’ve changed my Gmail password, but if they logged in, does this mean they get to stay in my Gmail account indefinitely (until they log out?)
I don’t know the answer, but it wouldn’t be hard to find out. log in with one browser / computer, then change your password with another browser / computer and check to see if the first one can still click around / see new email.
Just curious though, what led you to believe that someone had logged in as you?
At the lower right corner of the gmail window there is a “Last Account Activity: <some time> ago”. Click “Details” below that. That should take you to an “Activity information” page with a button called “Sign out of all other gmail web sessions”. Click it to boot the other person immediately if they are still logged in.
There is a function in your account management to forcefully disconnect devices you don’t recognise.
Use that, then change your password again and set up 2FA. (Google it)
It’s easier to understand and google “2FA” if you spell it out as two-factor authentication.
“Need answer fast”
No need for caps lock! Google 2fa.
In Gmail scroll all the way down to the bottom and look on the right for a link that says “Details.” Click it. This link is at the very bottom and on the right. It opens a window that shows you all the clients that are logged in and lets you log out of all of them – the button is hard to miss to log out. As an additional advantage you will see WHERE people are logged in which might help you figure out who compromised your account.
Changing your password DOES log you out of all devices.
Just go here to activate two factor authentification (it’s under “Signing in to Google”)
All right thanks all!