While Facebook can’t seem to get out of its own way to make sure its users’ data is protected, Google is taking extra precautions to make sure it doesn’t fall into the same bottomless pit of consumer distrust.
Google’s new security defense comes as a response to a recent survey which asked 3,000 Americans for their two cents worth on web security elements such as passwords, two-factor authentication, phishing, and password managers.
Interestingly, 69 percent of the respondents gave themselves an A or B in protecting their online accounts, yet 66 percent admitted to reusing passwords, and 40 percent couldn’t accurately define phishing.
To Google, that was a clear disconnect and sufficient reason to create two Chrome browser updates that it insists will not only keep internet surfers’ data secure but work beyond its own apps and sites.
Staying ahead of threats is key
ConsumerAffairs readers are all too familiar with monster-sized breaches like Quora’s data break-in that impacted 100 million users and home design website Houzz’s recent smash-and-grab that possibly allowed access to 40 million user IDs, postal codes, and more.
If those numbers aren’t eye-popping enough, take a look at the recently discovered "Collection #1" data breach, reported to have exposed 772,904,991 unique emails and 21,222,975 unique passwords -- possibly the largest breach ever.
To try and curb those types of breaches going forward, Google created Password Checkup, a Chrome extension that helps protect user’s accounts from such infractions.
“We help keep your Google Account safe by proactively detecting and responding to security threats,” Google’s Kurt Thomas, Security and Anti-Abuse Research Scientist, and Adam Dawes, Senior Product Manager, Developer Tools for Identity, said in the product announcement.
“For example, we already automatically reset the password on your Google Account if it may have been exposed in a third-party data breach -- a security measure that reduces the risk of your account getting hacked by a factor of ten.”
“If we detect that a username and password on a site you use is one of over 4 billion credentials that we know have been compromised, the extension will trigger an automatic warning and suggest that you change your password.”
In the isolated situation where an attacker actually makes its way into a user’s Google account, the company’s built in tools like verification and warnings of potentially harmful apps will help users get back to safety ASAP.
That’s where the second new Chrome add-on -- Cross Account Protection -- helps. “When apps and sites have implemented it, we’re able to send information about security events -- like an account hijacking, for instance -- to (the user) so they can protect (them), too,” Thomas and Dawes wrote.
What data will Google share when a security “event” happens?
Google says it designed the security events to be extremely limited to protect your privacy. The company says that:
It will only share the fact that the security event happened;
It will only share basic information about the event, like whether the user’s account was hijacked, or if Google forced the user to log back in because of suspicious activity; and
It will only share information with apps where the user logged in with Google.
To widen its protective stance, Google is working with other major technology companies -- like Adobe, the Internet Engineering Task Force (IETF), and the OpenID Foundation -- to make this easy for all apps to implement.
It may seem obvious, but…
In comments to ConsumerAffairs, Emily Schechter, Product Manager, Chrome Security at Google reminds us all that we can’t be too safe.
"Even though it may seem obvious, some of the best security advice is still: use unique passwords; update your software and apps; and use two-factor authentication. While these things may seem basic, they can really do a lot to improve your online security,” Schecter said.
Geting started with Google’s new Chrome security add-ons is a relatively simple process. Users can get started by simply clicking here to add Password Checkup as one of Chrome’s extensions.