Photo by Luca Sammarco from Pexels
Passwords are very important in keeping people’s online accounts safe — emails, social media, and bank accounts among others. However, managing many passwords can be a hassle, that’s why some resort to using easy-to-remember yet vulnerable ones like their dog’s name and birthday, or just keep the same password across all their accounts. These shortcuts can lead to security risks that can compromise a person’s documents, data, and money online.
Google said it develops products that are secure by default to keep people feel safer online in a way that’s more convenient for them. In celebration of Cybersecurity Awareness Month, here are all the ways Google is making people’s sign-in safer:
Google shares 5 ways to keep accounts secure beyond passwords
Google shares tips on how to manage limited smartphone storage space
Making password sign-in seamless and safe
Every day, Google checks the security of 1 billion passwords to protect accounts from being hacked. Google’s Password Manager, built directly into Chrome, Android, and the Google App, uses the latest security technology to keep passwords safe across all the sites and apps. It makes it easier to create and use strong and unique passwords on multiple devices, without the need to remember or repeat each one.
On iOS, people can select Chrome to autofill saved passwords in other apps, too, allowing people to sign in with just one tap. Soon, Chrome’s strong password generation feature will be made available for any iOS app, similar to how Autofill with Google works on Android today.
A new feature will also be rolled out in the Google app that allows people to access all of the passwords they’ve saved in Google Password Manager right from the Google app menu. These enhancements are designed to make your password experience easier and safer — not just on Google, but across the web.
Getting people enrolled in 2SV
Having a second form of authentication dramatically decreases an attacker’s chance of gaining access to an account. For years, Google has been at the forefront of innovation in two-step verification (2SV), one of the most reliable ways to prevent unauthorized access to accounts and networks. 2SV is strongest when it combines both “something you know” (like a password) and “something you have” (like your phone or a security key).
To make 2SV more convenient, a Google prompt will now allow people to simply tap on their mobile devices to prove it’s really them trying to sign in.
Turning on security protections by default is one of the best ways to keep people safe, which is why Google has begun automatically configuring people’s accounts into a more secure state. By the end of 2021, Google plans to auto-enroll an additional 150 million Google accounts in 2SV and require 2 million YouTube creators to turn it on. At the moment, only Google accounts that have the proper backup mechanisms in place are being auto-enrolled to 2SV.
Building security keys into devices
Google led the invention of security keys — another form of authentication that requires people to tap their key during suspicious sign-in attempts. Security keys provide the highest degree of sign-in security possible, which is why Google partnered with organizations to provide free security keys to over 10,000 people this year who might be at high risk when it comes to online security.
To make security keys more accessible, they are built right into Android phones and Google Smart Lock app on Apple devices. Today, over 2 billion devices around the world automatically support the strongest, most convenient 2SV technology available.
Additional sign-in enhancements
One Tap was recently launched along with a new family of Identity APIs called Google Identity Services which uses secure tokens, rather than passwords, to sign people into partner websites and apps, like Reddit and Pinterest. It combines Google’s advanced security with easy sign-in to deliver a convenient experience that keeps people safe. These new services represent the future of authentication and protect against vulnerabilities like clickjacking, pixel tracking, and other web and app-based threats.