Google’s War on Password Phishing
Google have recently enrolled a number of their users in a trial to road test a new way of logging in to their Google accounts. The method aims to stamp out the increasing number of phishing attacks, as well as the issues caused by people (who likely include some of your employees) using passwords that are all too easy to crack. So if you have a sneaking suspicion your staff members might be logging in to company accounts with “Password 123” and the like, read on.
So what exactly is Google’s master plan for squaring up to malicious phishing attempts and the perils caused by easy-to-crack passwords? The tech giant is currently trialing a new login option for Google account users. This will let anyone who has enabled the option log in using their smartphone, completely eliminating the point at which you would normally enter a password. The system uses your phone to verify your identity by sending you an alert that asks whether or not you want to log in to your account.
During the trial stages, Google have invited what they are terming “a small group of users” to test out the potential password-free function on their personal Google accounts. The method appears to be easy to use and, if the trial is a success, could offer a far more secure way of accessing an account. By authorizing your phone to let you log in, you are effectively removing the need for a password.
To initiate a login, the testers type in their email address on their PC or Mac. This is followed by a notification on their phone asking them whether they wish to log in to their Google account. All they then do is click the “yes” option and the computer will log them in automatically. Anyone concerned about not being able to log in because their phone has a flat battery, has been forgotten at home or, in the worst-case scenario, has been lost need not worry: the option remains to log in the traditional way by clicking a link saying “Use your password instead” at the bottom of the page.
Should the trial go ahead and password-free smartphone authentication become the norm, the advantages from a security perspective are clear. As stated above, simple passwords simply don’t protect accounts properly. Should someone – whether a hacker, a dishonest employee with an agenda, a recently fired employee with a grudge, or a competitor – put their mind to it, figuring out poor passwords is really not that hard, especially if they have insider knowledge about the user. Date of birth, favorite football team, an unfortunate obsession with Justin Bieber – these are all things that can be used to crack a password. And let’s not even get started on Password123.
The other significant point is that, should password-free login go ahead, it will stop phishers in their tracks. The phishing ‘business’ is a booming one, and those unscrupulous people who contact end users and attempt to extract personal information from them by pretending to be from a trustworthy source could find that their days of stealing passwords are numbered. If the phone becomes the means to log in, the phisher is rendered impotent. There is no password to hand over and of course the phisher doesn’t have access to the phone to click the “yes” button.
Google have made a few facts clear to their guinea pigs, and these have become public knowledge. The first is that the trial works on both the iOS and Android platforms. Users can still log in with their existing password should they desire, and Google’s “unusual sign-in” policy remains in place should they detect anything suspicious and need the user to complete an extra step as proof it’s really them.
Should password-free smartphone login be launched, it would be a massive step in the right direction towards plugging the security holes that are caused by human error or carelessness. Setting a password such as “123456” might seem kind of dumb, but it’s amazing just how many people do! At the other end of the scale, phishers can be frighteningly convincing and are able to con even the most tech-savvy or diligent users out of passwords, credit card details and more.
If you’d like to know how we can help you ensure that you are operating in the safest possible security environment, give us a call today.