Google beefs up account security with new step-by-step checkup, notifications, and JavaScript requirement

0
85

Today, to mark the last day of Cybersecurity Awareness Month, Google announced key security enhancements it’s making to prevent attackers from hijacking users’ Google Accounts.

“Online security can sometimes feel like walking through a haunted house — scary, and you aren’t quite sure what may pop up,” Google product manager Jonathan Skelker wrote in a blog post. “We are constantly working to strengthen our automatic protections to stop attackers and keep you safe you from the many tricks you may encounter.”

Perhaps most notable is a new step-by-step flow within the Google Account page. It’ll trigger automatically the moment “potential [sic] unauthorized activity” is detected, Skelker explained, and walk users through a four-step process:

  1. Verifying security settings to ensure their account isn’t vulnerable to additional attacks and can’t be accessed via a recovery phone number, email address, or other means
  2. Securing other online accounts attached to a user’s Google Account
  3. Checking financial activity to ensure payment methods connected to the account (such as Google Pay or a credit card) weren’t abused
  4. Reviewing content and files to see if Gmail or Google Drive data was compromised

Google’s also introducing additional notifications within Security Checkup, a web dashboard from which users can set up two-factor authentication, check which apps have access to users’ account information, and review unusual security events. In the coming weeks, it’ll send out personalized alerts whenever any data’s shared from a Google account with third-party sites or applications — whether it’s Gmail info, a Google Photos album, or Google Contacts.

Finally, Google will now require that JavaScript is enabled on the Google sign-in page. As Skelker noted, an array of JavaScrip-based risk assessments run every time users enter their username and password, and block suspicious sign-ins automatically.

READ  PhonePe partners with OYO, allows users to book OYO Rooms on it’s platform

Today’s improvements come roughly a year after Google revamped Security Checkup with “personalized guidance” tailored to individual accounts and launched predictive phishing protection in Chrome. Earlier this month, the Mountain View company said it would begin activating security alerts for G Suite admins by default if it believes the company’s systems are being subjected to a government-backed attack. And just last week, Google brought personal data controls — including a new data history view-and-delete feature — directly into Google Search.

In June, Google Account got a makeover on Android. It’s now based on Google’s Material Design language and organizes controls into tabs along the top — Account, Data & Personalization, Security, People & Sharing, and Payments & Subscriptions — and a dedicated support page that links to handy Google forums. More recently, as part of Google’s Project Strobe initiative, the company said it would roll out a streamlined permissions management view for Google account access prompts; implement a stricter API access policy for the consumer Gmail API; and limit Android apps’ ability to receive call log and SMS permissions on Android devices.

The search giant’s renewed focus on privacy features follows several high-profile headlines this year, such as the Facebook and Cambridge Analytica data scandal. A recent Wall Street Journal report earlier this year revealed that Google+, Google’s eponymous social network, failed to disclose an exploit that might have exposed the data of more than 500,000 users. Following the news, Google announced that Google+ will formally shut down in August 2019, following a 10-month wind-down period; in the interim, it’ll see new features “purpose-built” for businesses.

READ  Owl Cameras nabs $10 million for connected dashcam that captures everything 24/7

Source: VentureBeat

To Read Our Daily News Updates, Please Visit Inventiva Or Subscribe Our Newsletter & Push.

Comments

comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.