You Need to Realize How Critical Your Google Account's Security is

It seems that to have a computer these days is to have a Google account. If one isn’t utilized for professional purposes, it is utilized as a personalized solution; the convenience and accessibility of these accounts alone are compelling, even before one considers the versatility that this account brings with it. Alas, these benefits can be quickly overshadowed by risk if a Google account’s security is overlooked.

To avoid this scenario, let's take a look at why a Google account (and for that matter, any online account) needs to be secured, and a few ways to get you started.

Your Security is On You 
Considering the short time it has been around, the Internet has undergone a significant image shift as its purpose has grown more complicated.

Initially, the plan for the Internet was to create a means of sharing information. Even its name reflects that, combining inter (which means reciprocal, or shared) with a shortened version of network (defined as a system of connected things).

When MIT’s J.C.R. Licklider composed the memos that described, as he called it, the “Galactic Network” in 1962, this purpose of sharing was exhibited in full force. Chronicled as a system of computers that were all connected to provide access to data and helpful programs, the Galactic Network is a dead ringer for the Internet that we know today. Sir Tim Berners-Lee later credited the concept of a decentralized and open environment as the framework upon which he developed the World Wide Web. As he put it:

“Had the technology been proprietary, and in my total control, it would probably not have taken off. You can’t propose that something be a universal space and at the same time keep control of it.”

The Modern Internet
The modern Internet retains a lot of these qualities. Think about the popularity of social media today, and how much we rely on collaboration in our jobs. Having what is a largely unrestricted network available to us, permitting us to share and cooperate, has allowed us to expand and flourish. These qualities are what have inspired the development of safeguards like open-access information and net neutrality, adopted in most of the industrialized world. That being said, an exclusively laissez-faire approach has since been rendered impractical, simply because of how the Internet is used.

There is a large discrepancy in how the Internet is utilized now, as compared to the dream of the Galactic Network’s purpose. Instead of spreading education, exclusively, the Internet has become a conduit that is used to transmit data of all kinds. This is imperative to recognize, as the data that is now transmitted is precisely the kind that requires intense security to protect it - and this is why businesses like Google have devoted time to sculpting services that meet this balance.

Growing from what was once a Stamford doctorate dissertation project known as BackRub, Google is currently a household name. Many organizations rely on the solutions developed by Alphabet Inc., as do a large part of the general population. One of Google’s most common offshoots is Gmail, with businesses and private users alike using it for everything...including as a means of opening other online accounts.

This is exactly why a Google account is so important to protect.

Assuming that you have one, consider your own use of your Gmail account - have you used it to create any other online accounts? How much of your inbox is private information?

Putting the Pieces Together
This is the crux of why having a Google account can work both ways. The positive outcome is that you have a convenient and reasonably secure solution to your need of an email to set up accounts with, or a single account that many other online services accept as a method of sign-in. So far, the negative outcome is a little harder to see, until you factor in one more vital element:

Linking an account to your Google account ties your Google account’s security to it directly.

If you link an account to your Google one and your Google one winds up breached, your other account has been too. This could prove to be costly for you when all is said and done.

How to Evaluate the Damage
If you’re on a laptop or desktop computer right now, click here to access your Google account. In Security, you can find lists of all the devices your account has been on, any third-party applications that can access your account, as well as any websites that are using Google Smart Lock to store access credentials.

Two questions: are your lists longer than you expected them to be, and do any of them include, say, your bank?

If so, access to your Google account would be all that’s needed to lock you out of your own finances and potentially defraud you. If a hacker had somehow gotten your Google account’s information, they could make their way into your bank account from there, lock you out by resetting your password, and transferring your money over to their own at their leisure.

Thus, we find ourselves at a fork in the road: do we say no to using the convenient tools that Google has provided for the sake of our security, or do we risk watching our security crumble just so we can save a few moments as we log in?

As with most conflict resolution, the best option is a compromise.

It turns out, there’s a third path that we can take, by simply ensuring that the Google account that provides us with this convenience is itself sufficiently secured for this responsibility. While this unfortunately isn’t one of Google’s provided settings, it is a simple enough process in and of itself.

Ensuring Your Google Account is Secure
You must first accept that account security isn’t something that can be done once and never thought about again. You have to return to it every so often to make sure that everything is still working properly.

Not all breaches can happen on your end, so you should also watch out for breaches that happen within the organizations that you have accounts with as well, in case you need to revise your credentials then.

After you’ve squared that away, there are a few additional practices to put in place.

Password Dos and Don’ts
While you really shouldn’t have any accounts protected by weak passwords, you need to be especially careful about the one that protects your Google account; it protects any of the others that you have saved to Google, making it a veritable treasure chest for the cybercriminal. This means that you need to use a password or passphrase that subscribes to best practices, and is only used for your Google account.

You also need to consider where your putting your password at all. Any publicly-accessible device is a no-no, as they are almost definitely infected somehow, quite possibly equipped with some means of sending any input (like your credentials) back to the cybercriminal. The same problems are often present in publicly-available Wi-Fi signals, so resort to a private connection that is properly secured.

2FA, or Two-Factor Authentication
The more an account needs to permit access, the better, which is what makes 2FA such a great option. With 2FA, your account won’t let anyone in without a secondary code - and not just another password to memorize. This code should be generated upon requested access, sending a fresh code to a mobile device in a text message, a direct call, or in an app like Google Authenticator. Unless the hacker somehow has access to your phone as well, they won’t have everything they need. Ideally, you should use the application, as it is the most secure of your authentication options.

If you are going to be in a situation where you cannot use your phone, you can still utilize the 2FA that Google offers with a printable list of one-use codes. This list can be carried with you with relative safety, as you can reset the codes at any time.

Log in to your Google account to set up these features.

So you can still utilize Google’s very convenient services, just so long as you proactively secure them appropriately. For more assistance with your security, or any other IT concern, reach out to Macro Systems at 703-359-9211.