Author Archives: Camille Stewart

Security myth busting and spring cleaning

People are constantly being told to strengthen their security habits, but with so much advice — some of it conflicting — it’s hard to understand where to start or what to believe. Perhaps that’s why people go the easy route. Based on a new study we commissioned with Ipsos, nearly 20% of Americans still use common passwords like Password, abc123 and 123456.

So, we’re introducing a twist on spring cleaning this year: a digital cleaning to throw out old security advice and replace it with better practices. In honor of World Password Day today, we encourage everyone to start by leveraging the security protections built directly into our products that make every day Safer with Google.

Out with the old (cybersecurity myths)

As cybersecurity evolves, many of our old fears about it are no longer relevant or even true, especially with ongoing tech innovations. Here are a some of those myths we’re debunking today:

“It’s up to me to spot suspicious links on my own”: Phishing schemes can lead to serious cyber attacks, but by leveraging tech that is secure by default, you’re automatically protected from many of them. If you’re using Chrome or Gmail, we’ll proactively flag known deceptive sites, emails and links before you even click them, and Google Password Manager won’t autofill your credentials if it detects a fraudulent website. With the right security protections, which are set as default in Google products, less of the burden is on you.

“Avoid public Wi-Fi at all costs” The tech industry continues to make improvements to reduce security risks with public Wi-Fi, which has historically been the model for bad security practices. Websites using HTTPS provide secure connections using data encryption. Chrome offers HTTPS-First mode to prioritize those sites and makes it easy to identify protected pages with a lock icon in your web address bar. Use that as a signal for which websites to visit.

“Bluetooth is dangerous”: Bluetooth technology has come a long way since its inception. It’s far more advanced and harder to break into, especially in comparison with other technologies. However some people might still question whether Bluetooth, familiar as a pairing technology, is a secure method to help you sign in. After all, you’re used to seeing nearby devices like your phone or headphones show up on your laptop. But using current Bluetooth standards is very secure, and doesn’t actually involve pairing. It’s used to ensure your phone is near the device you’re signing in to, confirming it’s really you trying to access your account.

“Password managers are risky”: It might seem risky to entrust all your credentials in a single provider, but password managers are designed for security —and if you use ours, built directly into Chrome and Android, then you know it’s secure by default. Our research shows that 65% of people still reuse their credentials for various accounts, password managers solve that problem by creating new passwords for you and ensuring their strength. They’re also increasingly more secure, in fact, we recently launched a new on-device encryption for Google Password Manager, allowing you to keep your passwords more private and protected with your Google Account credentials before they’re sent to us for storage.

“Cybercriminals won’t waste their time targeting me”: You might not be a high-profile figure, but that doesn’t mean you’re not on cybercriminals’ radars. In fact, the everyday person is the perfect target for social engineering, which is when an attacker manipulates you into sharing personal information used for a cyber attack. Social engineers do this for a living and it’s a low cost, low effort way to reach their goals, especially in comparison to physically breaking technology or trying to target someone in the public eye. Protect yourself by being aware of social engineering and taking advantage of products that are secure by default like Gmail, Chrome, etc.

In with the new (digital spring cleaning)

Similar to how you clean out your garage each spring, we encourage you to spruce up your security. Get started with these tips and take a quick Security Checkup, which will guide you through protections that can instantly secure your Google Account.

  • Use 2-Step Verification (2SV): 2SV requires a second form of verification to access your account beyond your password — which could be a code sent to your phone, security key, etc. So, if someone tries to access your account, they will have a much harder time because they’ll need your password and second form of verification. Apply 2SV to secure your Google Account today, which will also cover all the services you use Sign in with Google for, with a simple tap on your device.
  • Use a Password Manager: Now that you know the truth about password managers, use one in addition to 2SV. Google Password Manager, built into Chrome and Android, will store your passwords, auto populate them for sites, create strong passwords, ensure they’re not entered into malicious sites, and alert you when they’re compromised.
  • Setup Account Recovery: Things happen, we lose our phones, forget our passwords, etc., so it’s critical to have recovery in place to gain access to your account in the event you’re locked out. This is especially true since other accounts utilize your email as a recovery method, so by keeping your Google Account recoverable, you do so for your other accounts as well. We’re also working to eliminate more inactive accounts for the safety of our users, so if your account becomes inactive and we take action, recovery and 2SV enablement will ensure you don’t lose data. Add a recovery email and phone number to your accounts today and sign up for Inactive Account Manager in addition to 2SV.
  • Install Updates: Finally, apply all those updates you’ve been putting off across your devices. Software updates often address critical security vulnerabilities, and with cyber threats on the rise, they’re more important than ever. Remember, there’s no IT team dedicated to maintaining your security like there may be at work, so it’s up to you to protect yourself at home. Take time to survey your mobile device, router, computer, etc., for updates.

We know security news will continue to flood your feeds today, but keep these tips in mind and freshen up your security this spring. For more security tips, and to learn about all the ways we make every day Safer with Google, visit ourSafety Center.

Google Play is helping to safeguard elections

At Google Play, our policies are designed to promote transparency for our users and help protect against misinformation. This work is critically important when it comes to safeguarding elections as people use apps to research candidates, register to vote, or find a polling place. As mobile apps disseminate voting information and increasingly support voting activity, we’re ensuring safety and transparency for app users. Recently, we’ve updated some policies to improve election safety and have committed additional resources to help safeguard elections.

Preventing deceptive behavior 

We don’t allow apps that enable people to distribute misleading information, such as altering media clips or sending fake text messages. While this policy applies broadly, addressing this content is particularly important as manipulated content increasingly appears in political discourse. To date, we’ve removed thousands of apps for engaging in deceptive behavior, generating manipulated content without the appropriate transparency measures or promoting demonstrably misleading claims. Read our deceptive behavior and manipulated media policies for more information. Additionally, our misleading claims policy prohibits demonstrably deceptive content that may interfere with voting processes, such as listing incorrect polling location information.    

Transparent government information

Whether people are looking for information on paying taxes or how to register to vote, they should have reliable and clearly-sourced information. In November 2019, we implemented changes that require any app that shares official government information to be clear about the source of that information and the app’s affiliation with the government. This information should be apparent from the app’s description. We also work with governments to verify their apps so people can be confident when reading and engaging with government information. Read this articlefor more information on communicating government information. Governments and any app communicating government information can visit this site for new information on keeping their apps secure.

Minimum requirements for news apps

To promote transparency in news publishing, we’ve recently introduced minimum requirements that apps must meet in order to be classified in the News category on Google Play. These include transparency requirements about the source and ownership of in-app news content, requirements applicable to news subscription services, and requirements regarding the use of affiliate marketing and ad revenue. These changes don’t make judgements about the content or the quality of the news itself. You can find more information about these requirements here.

Dedicated election support

We’ve also created dedicated teams across Google Play solely focused on elections to provide additional support and adapt to the changing landscape. This includes additional support for government agencies, specially trained app reviewers, and a safety team to address election threats and abuse. 

As part of Google’s work to prevent abuse on our platforms and help voters, Google Play and Android will continue to promote transparency for users, fight abuse on our platform, and equip developers with information and training resources to secure their apps. For more information about Google’s support for democratic processes around the world, please visit