October 15th, 2010 | Published in Google Online Security
Like many people, you probably store a lot of important information in your Google Account. I personally check my Gmail account every day (sometimes several times a day) and rely on having access to my mail and contacts wherever I go. Aside from Gmail, my Google Account is tied to lots of other services that help me manage my life and interests: photos, documents, blogs, calendars, and more. That is to say, my Google Account is very valuable to me.
Unfortunately, a Google Account is also valuable in the eyes of spammers and other people looking to do harm. It’s not so much about your specific account, but rather the fact that your friends and family see your Google Account as trustworthy. A perfect example is the “Mugged in London” phishing scam that aims to trick your contacts into wiring money — ostensibly to help you out. If your account is compromised and used to send these messages, your well-meaning friends may find themselves out a chunk of change. If you have sensitive information in your account, it may also be at risk of improper access.
As part of National Cyber Security Awareness month, we want to let you know what you can do to better protect your Google Account.
Stay one step ahead of the bad guys
Account hijackers prey on the bad habits of the average Internet user. Understanding common hijacking techniques and using better security practices will help you stay one step ahead of them.
The most common ways hijackers can get access to your Google password are:
- Password re-use: You sign up for an account on a third-party site with your Google username and password. If that site is hacked and your sign-in information is discovered, the hijacker has easy access to your Google Account.
- Malware: You use a computer with infected software that is designed to steal your passwords as you type (“keylogging”) or grab them from your browser’s cache data.
- Phishing: You respond to a website, email, or phone call that claims to come from a legitimate organization and asks for your username and password.
- Brute force: You use a password that’s easy to guess, like your first or last name plus your birth date (“Laura1968”), or you provide an answer to a secret question that’s common and therefore easy to guess, like “pizza” for “What is your favorite food?”
Take control of your account security across the web
Online accounts that share passwords are like a line of dominoes: When one falls, it doesn’t take much for the others to fall, too. This is why you should choose unique passwords for important accounts like Gmail (your Google Account), your bank, commerce sites, and social networking sites. We’re also working on technology that adds another layer of protection beyond your password to make your Google Account significantly more secure.
Choosing a unique password is not enough to secure your Google Account against every possible threat. That’s why we’ve created an easy-to-use checklist to help you secure your computer, browser, Gmail, and Google Account. We encourage you to go through the entire checklist, but want to highlight these tips:
- Never re-use passwords for your important accounts like online banking, email, social networking, and commerce.
- Change your password periodically, and be sure to do so for important accounts whenever you suspect one of them may have been at risk. Don’t just change your password by a few letters or numbers (“Aquarius5” to “Aquarius6”); change the combination of letters and numbers to something unique each time.
- Never respond to messages, non-Google websites, or phone calls asking for your Google username or password; a legitimate organization will not ask you for this type of information. Report these messages to us so we can take action. If you responded and can no longer access your account, visit our account recovery page.