Google will now let Android users log in to some services without a password
Available soon on all Android 7 phones and later
Google 's Password Checkup feature is now integrated directly into your Google Account and will warn you if your saved passwords have security issues These are compromised passwords , reused passwords , and weak passwords as shown below. Passwords with issues. You can then click on
Password reuse is the main thing Google is trying to discourage, because using the same password for multiple services could put you in a dire If you ’re not a fan of digital password managers, just write ‘em down somewhere at home. Even that’s a good option if you can keep prying eyes away
Nearly a quarter of Americans use "Admin," "abc123" and "123456" as passwords, according to a survey released by Google and Harris Poll on Wednesday. If you're one of them, you could benefit from, a tool Google is folding into its accounts management service.
Google said it would, which is designed to warn people if their usernames and passwords were stolen in data breaches, into its Password Manager on Wednesday. Password Checkup was first released as a in February.
Gmail will now warn users when an email recipient is out of the office
On Thursday, Google published a post to its G Suite blog announcing that Gmail and Hangouts Chat will warn users when the recipient of their message is on vacation or away. To prevent Gmail users from receiving an onslaught of emails while they're on vacation, Google announced yesterday on its G Suite blog that the platform will warn senders when the receiver of their email or Hangouts Chat message is away. Users will first need to note which dates they will be out of the office on their Google Calendar; those they have shared the calendar with will then receive a warning if they attempt to send an email their way.
Though, reusing a password across different platforms poses a looming problem, one that could be quickly uncovered if a hacker is able to compromise your No one really wants to have to remember a multitude of different passwords , which is one of the obvious reasons for people commonly reusing
Do you always create unique passwords such that you never use the same one twice? Ever? Let me help demonstrate the problem; I’ll show you what happens when you reuse or create weak passwords based on some real world examples which should really hit home.
The plan was always to add the extension as a default tool, said Google's director of account security, Mark Risher. He explained that the extension released in February was a way to experiment with how to present the tool to the public, but the long-term goal was to get Password Checkup to as many people as possible.
"The state of passwords is so bad that we want to turn this on for every user across the internet," Risher said.
count on people reusing the same passwords across multiple accounts, and they try to use them to access as many accounts as possible, a technique called "credential stuffing." So if your username and password in 2012, hackers could try to use those credentials to .
Google Calendar will guess your working hours and warn colleagues
Google Calendar's Working Hours feature has been around for a while, letting you inform others when you'll be around for meetings and when you're unavailable. Previously, you'll have had to activate it through the app's settings, but now it'll be enabled by default, displaying an estimate of your work day availability based on previous appointments (which you can tweak if they're not quite right). If you're creating an event, you'll get a warning notification that "some people might decline" if you schedule it outside of other people's working hours, which will be displayed in a new grid view.
Prevent users from reusing old passwords . Explain the importance of strong passwords —To help users create strong passwords , share these password If you don’t check this option, users with weak passwords can access your organization’s Google services until they decide to change their
Do you always create unique passwords such that you never use the same one twice? Ever? Do your passwords always use different character types such Let me help demonstrate the problem; I’ll show you what happens when you reuse or create weak passwords based on some real world examples
The Google-Harris Poll survey found that 66% of respondents used the same passwords for multiple accounts, leaving them vulnerable to potential attacks. The Password Checkup extension would notify people by automatically checking if a person's credentials were exposed in other hacks, something that Google's unit, , also does, as do and .
In the last eight months, more than 1 million people downloaded Google's extension, and it scans about 10 million passwords a month, Risher said. The company uses a cryptography technique called "blinding" so it can compare your passwords with a database of passwords leaked in public breaches, without viewing them.
In February, Google said it has a database of 4 billion usernames and passwords collected from public breaches. That database continues to grow as more breaches happen. Those credentials are also hashed and encrypted.
Google security tools bolster Maps, YouTube, password privacy
Google is introducing tools to help you fix passwords that are too weak. It is also bolstering privacy in Maps, YouTube, and the Google AssistantAfter all, you have more than two dozen online accounts, yet use the same password across most — if not all — of them. And because it is so darn difficult to remember a complex sequence of letters, numbers and special characters, the passwords that you do drum up are too easy to guess.
Weak passwords are a big flaw in computer security due to a lack of "entropy" or randomness. -) Worse still, if passwords are reused between services, that increases your security risk. If you do want to run Diceware locally, just download the source and run a webserver in Python with this
Don’t use a weak password for services that “don’t matter,” because some day you might give one of those We’ve covered how to create a memorable password if you absolutely have to. But since all our recommended password managers Instead, you want to pick wrong and uncommon answers.
About half the people using the extension had at least one alert about an exposed password within the first month of installing it, Risher said.
"In the last month, we scanned 21 million logins, and we detected 316,000 breached passwords," he said. The tool protected at least 750,000 accounts, Risher added.
Now people won't have to download an extension for the security notification. The Password Checkup tool will be added to Google's Password Manager, and checks all your saved passwords for security issues, the company said.
It won't be an automatic checkup -- so you'll still have to use the tool every time a new breach is announced. When it's integrated into Chrome browsers in December, it'll flag vulnerable passwords only when you sign in to accounts. Risher said Google could have Password Checkup be an automatic tool in the future.
"As users see more benefits, we can certainly explore the more automatic approach," he said. "If we can get people really understanding why this is beneficial for them, and how it works, that'll help us move more quickly to that automatic mode."
In addition to identifying passwords that were compromised in breaches, Google will also point out passwords that're being reused and weak passwords such as"123456." The tool will prompt people to update risky credentials and save new passwords to Google's Password Manager.
Risher said Google measures password quality through the, which recommend a minimum of eight characters and restrictions against words found in the dictionary.
"We're super confident that this is beneficial and makes people more secure," Risher said.
Firefox will soon have a real password manager
Mozilla is developing Lockbox, a password manager in due form. It is available in alpha version as an extension for Firefox.
Password management in Firefox is getting a new look. Mozilla engineers have started a project called "Lockbox" supposed to significantly improve the current password manager. The latter is accessible from the hamburger menu in the "Options -> Privacy and security" section. But the functionality is very small: you can register identifiers and passwords and, if desired, set a master password. And that's almost everything.
The goal of the Lockbox project is to propose a more complete tool with a more elaborate graphical interface. But from the first minutes of testing, we feel that we are on an Alpha version. Because the software - which can be installed as an extension from- is still very minimalist. It requires first the creation of a master password. Then, the user accesses a management space in which he can create and modify entries in the database. For each entry, it can define a title, a web address, a username, a password and notes. It can also search by keywords in the database. Everything is done from web forms.
Obviously, this is still rather rudimentary, but already looks more like a real password manager. To date, Mozilla has not given any details on the schedule of this project. But it is likely that this feature will eventually be integrated into the browser where it can compete with Lastpass, Onepass and others.
Forgot your password? That's because common password advice is bad, experts say .
For years, experts recommended crafting complex passwords in an attempt to foil hackers. But that's now a bad strategy for protecting yourself online.That way of thinking traces its roots to the early 2000s, in now-revoked guidance suggesting secure passwords should feature lots of random characters. But today's cyber security experts offer different, more user-friendly advice.