From email and cloud storage to smartphones and tablets, there is an increasing chance that your daily routine utilises at least one Google service. As they consider new services and programs, these chances will only increase. With the myriad of ways that Google is attached to your personally identifiable information, a proper password is crucial.
Unfortunately, Google’s password authentication system is less than ideal. As recent compromises at Twitter, LinkedIn and Sony have shown, users cannot rely solely on the security of the service provider. However, by taking advantage of new features and improving the strength of your passwords, you can reduce the chances of an account compromise and protect your personal information.
Multi-factor authentication—Google’s latest account security tool
Hackers and identity thieves are constantly adding new tools and tactics to their arsenal. With the power of distributed computing and compromised servers, cracking the average password or executing wide-scale brute force attacks is becoming easier, faster and more efficient. Early technologies used to thwart these attacks included account locking and captcha services. However, even these have become less effective and can be potentially disruptive for service users.
Google’s answer to the weaknesses and concerns of these systems is multi-factor authentication. The service works by registering a mobile phone number with your Google services account. Upon your first login from an unregistered IP address, the system will initialise. Google will then text or call your mobile phone and provide a short code that must be entered into the site to gain access.
In most cases, you will not be required to enter this information again until you attempt to sign in from a new location. This makes it convenient to secure the security on your account. However, it is still important to practice proper password creation and implementation procedures as well.
Securing your Google accounts through proper practices
For most users, finding the best password implementation practices is a matter of finding a balance between convenience and overall security. In most cases, a minimum guideline for passwords should include unique passwords for each account or service, complex passwords and regular password changes. It was once considered adequate to simply create a password with at least eight unique characters.
However, in many cases, it is recommended to try to expand your passwords to at least 16 characters and include special characters, numbers and varied cases. This will help to reduce the chance of a successful brute force attack. Consider changing your password at least once every 90 days and avoid repeating passwords between accounts and password updates where possible.
When choosing a password, avoid common words, repetition or sequences. A common way of improving password security is to use a combination of words. Unfortunately, a recent research paper from Ashwini Rao shows how hackers can exploit this trend exploited easily as well. For maximum complexity, combine symbols, acronyms, abbreviations and other methods to create a password that is easy to remember but difficult to decipher.
Other tools to help improve security include password organisation programs and services, such as KeePass or LastPass. These programs are available for a variety of devices and operating systems. They also support numerous encryption methods and ways to ensure that your password database is still secure in the event that your device is lost or stolen.
Included password generators make it simple to create complex passwords with a higher degree of randomness without the need to remember them. However, if you depend on these tools, ensure you can access them when needed as without access to your database you may be locked from your accounts.
With constant improvements in Internet technologies and cloud computing, more users are conducting daily business over the Internet. While these services offer a level of convenience and functionality that was previously impossible, they also open up additional ways for malicious users to perform cyber attacks. Many companies are racing to stay ahead of security trends and provide improved security for users.
Recent adoption of multi-factor authentication by Google exemplifies this trend. As threats continue to evolve, both users and companies will need to consider further improvements to both security features and practices to ensure data security in an increasingly digital era.