These days, it seems that to have a computer is to have a Google account. If one isn’t used for professional purposes, it is used as a personalized solution – and no wonder. The convenience and accessibility of these accounts alone are compelling, even before one considers the versatility that this account brings with it. Unfortunately, these benefits can be quickly overshadowed by risk if a Google account’s security is overlooked, even if unintentionally.
Naturally, this scenario is one that we all wish to avoid. To do so, it may help to look at why a Google account (and for that matter, any online account) needs to be secured, and a few ways to get you started.
Why Your Security is On You (Including Your Google Account)
Considering the relatively short time it has been around, the Internet has undergone a major image shift as its purpose has grown more complicated.
Initially, the plan for the Internet was to create a means of sharing information. Even its name reflects that, combining inter (which means reciprocal, or shared) with a shortened version of network (defined as a system of connected things).
When MIT’s J.C.R. Licklider composed the memos that described, as he called it, the “Galactic Network” in 1962, this purpose of sharing was displayed in full force. Described as a system of computers that were all connected – despite stretching across the entire world – to provide access to data and helpful programs, the Galactic Network is a dead ringer for the Internet that we know today. Later on, Sir Tim Berners-Lee credits the concept of a decentralized and open environment as the framework upon which he developed the World Wide Web. As he put it:
“Had the technology been proprietary, and in my total control, it would probably not have taken off. You can’t propose that something be a universal space and at the same time keep control of it.”
The Modern Internet
Today, the Internet retains many of these qualities. Think about the popularity of social media today, and how much we rely on collaboration in our places of work. Having what is a largely unrestricted network available to us, enabling us to share and cooperate, has allowed us to expand and flourish. These qualities are what have inspired the development of safeguards like open-access information and net neutrality, adopted in most of the industrialized world. Having said this, an exclusively laissez-faire approach has since been rendered impractical, simply because of how the Internet is used.
There is a large discrepancy in how the Internet is used now, as compared to the dream of the Galactic Network’s purpose. Rather than spreading education, exclusively, the Internet has become a conduit that can be (and is) used to transmit data of all kinds. This is important to recognize, as the data that is now transmitted is precisely the kind that requires intense security to protect it – and this is precisely why businesses like Google have devoted time to sculpting services that meet this balance.
Growing from what was once a Stamford doctorate dissertation project known as BackRub, Google is now a household name. Many businesses rely on the solutions developed by Alphabet Inc., as do a large portion of the general population. One of Google’s most common offshoots is Gmail, with businesses and private users alike using it for everything…including as a means of opening other online accounts.
This is exactly why a Google account is so incredibly important to protect.
Assuming that you have one, consider your own use of your Gmail account – have you used it to create any other online accounts? How much of your inbox is private information?
Putting the Pieces Together
This is the crux of why having a Google account can work both ways. The positive outcome is that you have a very convenient and reasonably secure solution to your need of an email to set up accounts with, or a single account that many other online services accept as a method of sign-in. So far, the negative outcome is a little harder to see, until you factor in one more crucial element:
Linking an account to your Google account ties your Google account’s security to it directly.
Or in other words, if you link an account to your Google one and your Google one winds up breached, your other account has been too. This could prove to be pretty bad for you when all is said and done.
How to Assess the Damage
If you’re on a laptop or desktop computer right now, click here to access your Google account. In Security, you can find lists of all the devices your account has been on, any third-party applications that can access your account, as well as any websites that are using Google Smart Lock to store access credentials.
Two questions: are your lists longer than you expected them to be, and do any of them include, say, your bank?
If so, access to your Google account would be all that’s needed to lock you out of your own finances and potentially defraud you. If a hacker had somehow gotten your Google account’s information, they could make their way into your bank account from there, keep you out by resetting your password, and transferring your money over to their own at their leisure.
So, we find ourselves at a fork in the road: do we say no to using the convenient tools that Google has provided for the sake of our security, or do we risk watching our security crumble just so we can save a few moments as we log in?
As with most conflict resolution, the best option is a compromise down the middle.
As it turns out, there’s a third path that we can take, by simply ensuring that the Google account that provides us with this convenience is itself sufficiently secured for this responsibility. While this unfortunately isn’t one of Google’s provided settings, it is a simple enough process in and of itself.
Making Sure Your Google Account is Secure
Step one of this process is simple enough, but can be a challenge to put into practice. You first have to accept that account security isn’t something that can be done once and never thought about again. You have to return to it every so often to make sure that everything is still shipshape.
Keep in mind, not all breaches can happen on your end, so you should also watch out for breaches that happen within the organizations that you have accounts with as well, in case you need to revise your credentials then.
After you’ve squared that away, there are a few additional practices to put in place.
Password Dos and Don’ts
Yes, passwords. While you really shouldn’t have any accounts protected by weak passwords, you need to be especially careful about the one that protects your Google account. After all, it protects any of the others that you have saved to Google, making it a veritable treasure chest for the cybercriminal. This means that you need to use a password or passphrase that subscribes to best practices, and is only used for your Google account.
You also need to consider where your putting your password at all. Any publicly-accessible device is a no-no, as they are almost definitely infected somehow, quite possibly equipped with some means of sending any input (like your credentials) back to the cybercriminal. The same problems are often present in publicly-available Wi-Fi signals, so resort to a private connection that is properly secured.
2FA, or Two-Factor Authentication
The more an account needs to allow access, the better, which is what makes 2FA such a great option. With 2FA, your account won’t let anyone in without a secondary code – and not just another password to memorize. This code should be generated upon requested access, sending a fresh code to a mobile device in a text message, a direct call, or in an app like Google Authenticator. Unless the hacker somehow has access to your phone as well, they won’t have everything they need. Ideally, you should use the application, as it is the most secure of your authentication options.
If you are going to be in a situation where you cannot use your phone, you can still utilize the 2FA that Google offers with a printable list of one-use codes. This list can be carried with you with relative safety, as you can reset the codes at any time.
Log in to your Google account to set up these features.
So you can still use Google’s very convenient services, just so long as you proactively secure them appropriately. For more assistance with your security, or any other IT concern, reach out to SemTech IT Solutions at 407-830-1434.