Google Passwords: Why they are falling short of the mark

Category: Security

Google has always been a company that most of us simply associate with quality, period. Sure, they’ve had their little failures (remember Google Wave, anyone?) and they don’t dominate in everything, but when it comes to something like Gmail or most other Google based data storage accounts, we tend to view Google services as at least a fair bit better than what Microsoft or Yahoo! offer with their similar services.


Nonetheless, though Google usually gets things right when it comes to tech, not everything always goes smoothly for anyone and sometimes a mix of company laxness and mistakes by millions of users/customers can lead to serious problems like security breaches even with the best tech service providers.

This is exactly what Google’s otherwise excellent Gmail service suffered at least twice: once during the summer of 2011 and again in the summer of 2012. The first incident was caused by Chinese hackers operating a massive organized password hacking plot and the second time around the attacks came from a hacking group calling itself D33Ds Company, which used similar tactics and claimed that it committed its breaches for the sake of calling attention to massive security holes in online email services.

These tactics involved a mostly two part scheme: phishing to deceive users into giving up their private login data, and taking advantage of the fact that many online account users used the same passwords across all their different accounts, be they from Yahoo, Facebook or Google.

Either way, what both attacks showed when it comes to Google was that simple password login systems are just not that secure against serious intrusion efforts, especially if the users themselves aren’t particularly savvy about basic data security protocols.

To be fair to Google, while the company suffered over 100,000 breached accounts in the 2012 hack attack, Yahoo fared even worse with more than 400,000 cracked emails. (See, Yahoo proves its inferiority even here.)

Given this little bit of Google hack history and its obvious lessons on password safety, the tech giant decided to take some serious notice and try avoiding more of the same down the road.

Google’s Improved Password Policy

Three words: Two Factor Authentication. This is the backbone of Google’s efforts to keep its reputation among online email providers shiny.

Though Google had already implemented two factor authentication well before even the 2011 Chinese hacker group’s attack on the service, the company simply didn’t put any effort into making it well known as an option, and millions of less security minded users simply stuck to their old habits of using passwords like “password1234” and then keeping them the same across several different online accounts!

After the 2011 incident, the company put more effort into publicizing this much more secure means of accessing an email account and, following the large 2012 security breach, upped these efforts further still. A lot of Gmail users still haven’t gotten around to understanding that two factor verification is much, much safer than a single password that can easily be guessed, stolen or discovered and then used to access their account, but the policy of two factors is slowly catching on, especially since it’s been made so easy to implement.

Essentially, if you want two factor verification for your Google account, you simply visit their setup page at:

Set your country, give them your mobile phone number and possibly even a backup number in case your first phone goes missing; set a security code that they’re going to send you any time you want to log into your account and you’re done.

You can even set up printable backup codes for those crazy cases in which you lose both of the phones that you set to receive your security factor. And, for online applications like Android 2.3 and lower, which won’t accept mobile phone based two factor authentication codes, you can also set something called an Application Specific Password; a different one for each application.

With these steps in place, any time you want to access your Gmail account or any of your Google accounts (such as their Drive cloud storage service), you type in a password like usual and then also add in the verification code that you’re automatically sent.
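A simplified model of the login flow described above, as an added example that is not part of the original article and not Google's implementation. The `Account` class, the code lengths and the five-minute code lifetime are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300  # assumed: seconds a texted code stays valid

def _kdf(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class Account:  # hypothetical model, not Google's implementation
    def __init__(self, password, n_backup=3):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _kdf(password, self.salt)
        # Printable backup codes: 8 digits each, every one usable once.
        self.backup_codes = {f"{secrets.randbelow(10**8):08d}" for _ in range(n_backup)}
        self.app_passwords = {}  # application name -> hash of its own password
        self.pending = None      # (code, expiry) once the password step passes

    def start_login(self, password, now=None):
        """Factor 1: a correct password causes a 6-digit code to be sent."""
        if not hmac.compare_digest(self.pw_hash, _kdf(password, self.salt)):
            return None
        now = time.time() if now is None else now
        self.pending = (f"{secrets.randbelow(10**6):06d}", now + CODE_TTL)
        return self.pending[0]  # stands in for the text message

    def finish_login(self, code, now=None):
        """Factor 2: the texted code or an unused backup code."""
        if self.pending is None:
            return False  # the second factor never replaces the password
        sent, expiry = self.pending
        self.pending = None  # one attempt per issued code
        now = time.time() if now is None else now
        if now <= expiry and hmac.compare_digest(sent.encode(), code.encode()):
            return True
        if code in self.backup_codes:
            self.backup_codes.discard(code)  # burn it so it cannot be replayed
            return True
        return False

    def add_app_password(self, app):
        """Separate random password for one application that cannot prompt for a code."""
        pw = secrets.token_urlsafe(12)
        self.app_passwords[app] = _kdf(pw, self.salt)
        return pw

    def app_login(self, app, pw):
        stored = self.app_passwords.get(app)
        return stored is not None and hmac.compare_digest(stored, _kdf(pw, self.salt))

    def revoke_app_password(self, app):
        self.app_passwords.pop(app, None)  # kills that one application only
```

In this model an application specific password signs in without the second factor, which is why each application gets its own and can be revoked without touching the others.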

By setting this up, Google has now created what is a virtually hack-proof security barrier between intruders and your Google account. Assuming that you stick to general basic security policies, you are extremely unlikely to lose access to your valuable emails or stored data, or to have them stolen.

This is the beauty of Google’s new two factor authentication system. Now, given that, let’s also quickly cover some of those general basic security protocols that you should always follow, whether you’ve signed up to two factor protection or not.

A Few Additional Google Security Basics

Whether you use two factor protection or not, follow these at all times to keep your email browsing and data itself as secure as possible:

Never leave your accounts open, especially on public machines or other people’s devices: This is a particularly important step since even two factor authentication won’t protect you from having your account accessed by someone who already finds it open! Always remember to sign out when you’re done using your Gmail account, even on your own devices but particularly on public or third party machines.

Enable HTTPS: Google secures all your in-email data through strong encryption but enabling HTTPS extends this protection to data transmission over any third party unsecured network. Setting it up is simple and a big security boost. Simply go to your Gmail settings tab under the little gear icon on the top right side of the screen and scroll down to where it offers HTTPS protection. There, less than a minute of work and you’ve just stepped up your data security dramatically.

Never share your passwords or factor receiving devices: Another obvious and powerful account security tip that you need to follow. While most of us know better than to hand our passwords out as if they were our pets’ names (even if they really are our pets’ names), using two factor verification means an additional layer of safety consciousness: also don’t share the mobile devices you use to receive your verification factors. Doing so can leave you open to spyware based snooping.

2 thoughts on “Google Passwords: Why they are falling short of the mark”

  1. Hi,
    Why is it that one day my Google account notified me to change my password? Is it a sign that my account will get hacked?

  2. Google usually sends alerts like that if your account has been compromised or if you have a weak password. I would probably change it to something more secure.
