Friday, July 3, 21:52
Home security Google: Will it end up reusing passwords?

Google: Will it end up reusing passwords?

Mark Risher, Google's senior executive for the company safety accounts, identity and abuse, told The Verge that the passwords is one of the worst things on the Internet, claiming that although it is necessary for the safety and connection of individuals in many applications and site, is probably the main factor that leads to the violation of user systems. Strange as it may seem, a Google security officer says this because of the connection to gmail, password required. However, the company has been trying to keep users away from this model for years, or at least minimize it. One of Google's most "silent" tools in this endeavor is Password Checkup plugin, will become better known as it is linked to the Security Checkup table that is embedded in every Google account. Although users can use a tool, such as a password manager, to monitor their login credentials, many end up reusing the same passwords on multiple accounts.


Indicatively, 52% of users choose to reuse the same passwords on multiple accounts, while 13% use the same passwords on all their accounts, according to the results of a survey published in February 2019 by Google and company Harris. The Microsoft said in 2019 that 44 million Microsoft accounts used leaked Internet connections. While reusing passwords on more than one account can be a way for users to remember a complex word, phrase or combination of letters, numbers and symbols that they think no one will ever be able to guess, in practice this can put you in risk their personal data and data. If this reusable password is leaked after a data breach, hackers could gain access to many of a user's other online accounts, no matter how complex the password set. According to Kurt Thomas, a member of Google's security and abuse research team, data have leaked, they are 10 times more likely to experiment, compared to a person who has not been exposed to a breach.

Google reuse passwords

Google is trying to help users adopt better habits in terms of passwords. For years, the company has been offering a built-in password manager on Google accounts. Chrome and Android which can store users' passwords and automatically fill them in on sites and applications. However, since last year, Google has been trying to help users prevent more powerful passwords by checking passwords. It is a tool that controls connections to a database of 4 billion credentials that have leaked, seeing if the password entered by a user corresponds to the one that has already been leaked.


Understanding how to let go Password Checkup Breaking credentials in a way that respects confidentiality was a difficult technical problem that required a joint effort by Google and Stanford University. The challenge was to find a way to automatically check a user's credentials in a breached database without revealing this information to Google or giving the user access to the entire database, while at the same time escalating this solution to the huge user base. of Google. To do this, Google saves an encrypted version of any known username and password that is exposed to data breach. Each time a user connects to an account, Google will send an encrypted version of their login information to that database. That way, Google can't see its password and it can't see the list of known Google infringements. If Google detects a match, it will display a notification recommending the user to change their password for this site. Google receives compromised links from many different sources and trusted partners, including underground forums where passwords are publicly disclosed.

Google

The company has a moral policy that it would never pay cybercriminals for stolen data. But due to the way these markets work, very often stolen data will leak. Using Google's personas in these markets, the company can get the data. It took about two to three years from the release of Password Control to appear on many Google products, according to Thomas. Google wants to notify users when it detects that a stored connection has been compromised. Over the course of the year, Google plans to allow users to use Chrome password control, even if they are not connected to a Google account.
Google is not the only company offering password control. The 1Password payment code administrator suggests changing weak or duplicate passwords and offers Watchtower, which controls users' login credentials based on Troy Hunt's Have I Been Pwned database with more than 9 billion match-fixes and infringed accounts. . Still, the Apple announced that its next version Safari will include a password tracking tool that is expected to work similar to Password Control. However, Google has the advantage of helping users with passwords thanks to its large scale. Tools such as Password Checker and built-in password management achieve a broader goal to make security easier for Internet users.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Pohackontas
Pohackontashttps://www.secnews.gr
Every accomplishment starts with the decision to try.

LIVE NEWS

Avaddon ransomware: Attacks through Excel 4.0 macros

Microsoft announced yesterday that Avaddon ransomware spread this week through an old technique that came to the fore again. The...

Apple: Prohibits updating Chinese Apps without permission

Apple is banning developers from updating existing apps in China's App Store if they don't have government approval.

Australia: Thousands of MyGov accounts are sold on the Dark Web

Access to more than 3600 MyGov accounts is being sold on the dark web, potentially exposing thousands of Australians to fraud and identity theft.
00:03:03

Party Time: Watch TV with your friends online

Party Time: Watch TV with your friends on the internet Time for a different party than you are used to, watching your favorite ...

CISA and FBI warn businesses of Tor's risks

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a warning to businesses regarding ...

openSUSE: The new Leap 15.2 hard drive has been released

Recently, the next stable version of the openSUSE operating system was released. According to the development team of the operating system, ...

What are the most popular types of malware?

Researchers are looking for the most common types of malware. During the investigation of the malicious activities, the researchers in cyberspace focus ...

REvil ransomware: Target the Light SA electricity company

The operators of REvil ransomware (also known as Sodinokibi) violated the Brazilian electricity company Light SA ...

LinkedIn: Our bug is due to an iOS problem

A representative of LinkedIn told ZDNet yesterday that an error in the iOS application was responsible for a seemingly "interfering behavior" that ...

Valak Info Stealer targets businesses in Europe and America

Many businesses in North and South America, but also in Europe, have fallen victim to the infamous Valak Info Stealer.