•   
  •   
  •   

Technology Google wants to warn you if you reuse passwords or create weak ones

13:45  02 october  2019
13:45  02 october  2019 Source:   cnet.com

Google will now let Android users log in to some services without a password

Google will now let Android users log in to some services without a password Available soon on all Android 7 phones and later

Google 's Password Checkup feature is now integrated directly into your Google Account and will warn you if your saved passwords have security issues These are compromised passwords , reused passwords , and weak passwords as shown below. Passwords with issues. You can then click on

Password reuse is the main thing Google is trying to discourage, because using the same password for multiple services could put you in a dire If you ’re not a fan of digital password managers, just write ‘em down somewhere at home. Even that’s a good option if you can keep prying eyes away

Nearly a quarter of Americans use "Admin," "abc123" and "123456" as passwords, according to a survey released by Google and Harris Poll on Wednesday. If you're one of them, you could  benefit from Password Checkup, a tool Google is folding into its accounts management service.

a close up of a sign: Google's Password Checkup tool is designed to warn people if the passwords they use have been stolen in any data breaches. Graphic by Pixabay; illustration by CNET© Provided by CBS Interactive Inc. Google's Password Checkup tool is designed to warn people if the passwords they use have been stolen in any data breaches. Graphic by Pixabay; illustration by CNET

Google said it would integrate the tool, which is designed to warn people if their usernames and passwords were stolen in data breaches, into its Password Manager on Wednesday. Password Checkup was first released as a Google Chrome extension in February.

Gmail will now warn users when an email recipient is out of the office

Gmail will now warn users when an email recipient is out of the office On Thursday, Google published a post to its G Suite blog announcing that Gmail and Hangouts Chat will warn users when the recipient of their message is on vacation or away. To prevent Gmail users from receiving an onslaught of emails while they're on vacation, Google announced yesterday on its G Suite blog that the platform will warn senders when the receiver of their email or Hangouts Chat message is away. Users will first need to note which dates they will be out of the office on their Google Calendar; those they have shared the calendar with will then receive a warning if they attempt to send an email their way.

Though, reusing a password across different platforms poses a looming problem, one that could be quickly uncovered if a hacker is able to compromise your No one really wants to have to remember a multitude of different passwords , which is one of the obvious reasons for people commonly reusing

Do you always create unique passwords such that you never use the same one twice? Ever? Let me help demonstrate the problem; I’ll show you what happens when you reuse or create weak passwords based on some real world examples which should really hit home.

The plan was always to add the extension as a default tool, said Google's director of account security, Mark Risher. He explained that the extension released in February was a way to experiment with how to present the tool to the public, but the long-term goal was to get Password Checkup to as many people as possible.

"The state of passwords is so bad that we want to turn this on for every user across the internet," Risher said.

a screenshot of a cell phone© Provided by CBS Interactive Inc.
Here's how to use Google's Password Checkup tool

Hackers count on people reusing the same passwords across multiple accounts, and they try to use them to access as many accounts as possible, a technique called "credential stuffing." So if your username and password were stolen in a Yahoo breach in 2012, hackers could try to use those credentials to take over a Dunkin' Donuts account in 2018.

Google Calendar will guess your working hours and warn colleagues

Google Calendar will guess your working hours and warn colleagues Google Calendar's Working Hours feature has been around for a while, letting you inform others when you'll be around for meetings and when you're unavailable. Previously, you'll have had to activate it through the app's settings, but now it'll be enabled by default, displaying an estimate of your work day availability based on previous appointments (which you can tweak if they're not quite right). If you're creating an event, you'll get a warning notification that "some people might decline" if you schedule it outside of other people's working hours, which will be displayed in a new grid view.

Prevent users from reusing old passwords . Explain the importance of strong passwords —To help users create strong passwords , share these password If you don’t check this option, users with weak passwords can access your organization’s Google services until they decide to change their

Do you always create unique passwords such that you never use the same one twice? Ever? Do your passwords always use different character types such Let me help demonstrate the problem; I’ll show you what happens when you reuse or create weak passwords based on some real world examples

a close up of a sign: Google © CNET

Google "Password Checkup" tool will warn people if the passwords they use have been stolen in any data breaches.

The Google-Harris Poll survey found that 66% of respondents used the same passwords for multiple accounts, leaving them vulnerable to potential attacks. The Password Checkup extension would notify people by automatically checking if a person's credentials were exposed in other hacks, something that Google's smart home unit, Nest, also does, as do Netflix and Facebook.

In the last eight months, more than 1 million people downloaded Google's extension, and it scans about 10 million passwords a month, Risher said. The company uses a cryptography technique called "blinding" so it can compare your passwords with a database of passwords leaked in public breaches, without viewing them.

In February, Google said it has a database of 4 billion usernames and passwords collected from public breaches. That database continues to grow as more breaches happen. Those credentials are also hashed and encrypted.

Google security tools bolster Maps, YouTube, password privacy

  Google security tools bolster Maps, YouTube, password privacy Google is introducing tools to help you fix passwords that are too weak. It is also bolstering privacy in Maps, YouTube, and the Google AssistantAfter all, you have more than two dozen online accounts, yet use the same password across most — if not all — of them. And because it is so darn difficult to remember a complex sequence of letters, numbers and special characters, the passwords that you do drum up are too easy to guess.

Weak passwords are a big flaw in computer security due to a lack of "entropy" or randomness. -) Worse still, if passwords are reused between services, that increases your security risk. If you do want to run Diceware locally, just download the source and run a webserver in Python with this

Don’t use a weak password for services that “don’t matter,” because some day you might give one of those We’ve covered how to create a memorable password if you absolutely have to. But since all our recommended password managers Instead, you want to pick wrong and uncommon answers.

About half the people using the extension had at least one alert about an exposed password within the first month of installing it, Risher said.

"In the last month, we scanned 21 million logins, and we detected 316,000 breached passwords," he said. The tool protected at least 750,000 accounts, Risher added.

Now people won't have to download an extension for the security notification. The Password Checkup tool will be added to Google's Password Manager, and checks all your saved passwords for security issues, the company said.

a screenshot of a cell phone: The Password Checkup tool is set to come to Chrome browsers in December. Google© Provided by CBS Interactive Inc. The Password Checkup tool is set to come to Chrome browsers in December. Google

It won't be an automatic checkup -- so you'll still have to use the tool every time a new breach is announced. When it's integrated into Chrome browsers in December, it'll flag vulnerable passwords only when you sign in to accounts. Risher said Google could have Password Checkup be an automatic tool in the future.

"As users see more benefits, we can certainly explore the more automatic approach," he said. "If we can get people really understanding why this is beneficial for them, and how it works, that'll help us move more quickly to that automatic mode."

In addition to identifying passwords that were compromised in breaches, Google will also point out passwords that're being reused and weak passwords such as"123456." The tool will prompt people to update risky credentials and save new passwords to Google's Password Manager.

Risher said Google measures password quality through the US National Institute of Standards and Technology's password guidelines, which recommend a minimum of eight characters and restrictions against words found in the dictionary.

"We're super confident that this is beneficial and makes people more secure," Risher said.

Forgot your password? That's because common password advice is bad, experts say .
For years, experts recommended crafting complex passwords in an attempt to foil hackers. But that's now a bad strategy for protecting yourself online.That way of thinking traces its roots to the early 2000s, in now-revoked guidance suggesting secure passwords should feature lots of random characters. But today's cyber security experts offer different, more user-friendly advice.

—   Share news in the SOC. Networks

Topical videos:

usr: 1
This is interesting!