Tag Archives: Online safety

Making sign-in safer and more convenient

For most of us, passwords are the first line of defense for our digital lives. However, managing a set of strong passwords isn’t always convenient, which leads many people to look for  shortcuts (i.e. dog’s name + birthday) or to neglect password best practices altogether, which opens them up to online risks. At Google, we protect our users with products that are secure by default – it’s how we keep more people safe online than anyone else in the world. 


As we celebrate Cybersecurity Awareness Month, we’d like to share all the ways we are making your sign-in safer


Making password sign-in seamless and safe


Everyday, Google checks the security of 1 billion passwords to protect your accounts from being hacked. Google’s Password Manager, built directly into Chrome, Android and the Google App, uses the latest security technology to keep your passwords safe across all the sites and apps you use. It makes it easier to create and use strong and unique passwords on all your devices, without the need to remember or repeat each one.

 

On iOS you can select Chrome to autofill saved passwords in other apps, too. That means your sign-in experience goes from remembering and typing in a password on each individual site to literally one tap.  And soon, you will be able to take advantage of Chrome’s strong password generation feature for any iOS app, similar to how Autofill with Google works on Android today.  


We're also rolling out a feature in the Google app that allows you to access all of the passwords you've saved in Google Password Manager right from the Google app menu. These enhancements are designed to make your password experience easier and safer—not just on Google, but across the web.


Getting people enrolled in 2SV  


In addition to passwords, we know that having a second form of authentication dramatically decreases an attacker’s chance of gaining access to an account. For years, Google has been at the forefront of innovation in two-step verification (2SV), one of the most reliable ways to prevent unauthorized access to accounts and networks. 2SV is strongest when it combines both "something you know" (like a password) and "something you have" (like your phone or a security key).


2SV has been core to Google’s own security practices and today we make it seamless for our users with a Google prompt, which requires a simple tap on your mobile device to prove it’s really you trying to sign in. And because we know the best way to keep our users safe is to turn on our security protections by default, we have started to automatically configure our users’ accounts into a more secure state. By the end of 2021, we plan to  auto-enroll an additional 150 million Google users in 2SV and require  2 million YouTube creators to turn it on.

We also recognize that today’s 2SV options aren’t suitable for everyone, so we are working on technologies that provide a convenient, secure authentication experience and reduce the reliance on passwords in the long-term. Right now we are auto-enrolling Google accounts that have the proper backup mechanisms in place to make a seamless transition to 2SV. To make sure your account has the right settings in place, take our quick Security Checkup


Building security keys into devices 


As part of our security work, we led the invention of security keys — another form of authentication that requires you to tap your key during suspicious sign-in attempts. We know security keys provide the highest degree of sign-in security possible, that’s why we've partnered with organizations to provide free security keys to over 10,000 high risk users this year. 


To make security keys more accessible, we built the capability right into Android phones and our Google Smart Lock app on Apple devices. Today, over two billion devices around the world automatically support the strongest, most convenient 2SV technology available. 


Additional sign-in enhancements 


We recently launched One Tap and a new family of Identity APIs called Google Identity Services, which uses secure tokens, rather than passwords, to sign users into partner websites and apps, like Reddit and Pinterest. With the new Google Identity Services, we've combined Google's advanced security with easy sign in to deliver a convenient experience that also keeps users safe. These new services represent the future of authentication and protect against vulnerabilities like click-jacking, pixel tracking, and other web and app-based threats.


Ultimately, we want all of our users to have an easy, seamless sign-in experience that includes the best security protections across all of their devices and accounts. To learn more about all the ways we’re making every day safer with Google visit our Safety Center


Posted by Guemmy Kim, Director, Account Security and Safety and AbdelKarim Mardini, Group Product Manager, Chrome

Tips for upping online safety this Safer Internet Day

Parenting was especially challenging in 2020. Our families needed to learn new habits like social distancing, wearing masks and frequently washing our hands. As a large part of our everyday lives moved online, with online learning becoming the main mode of schooling for many, it was necessary to teach our children to take extra precautions as well.


I am part of a team at Google that teaches online safety habits to people from all walks of life. Parents have always been concerned for the digital safety of their families. Recent research that we did alongside our Trust Research team in Asia-Pacific (Australia, Hong Kong, India, Indonesia, Japan, Malaysia, the Philippines, Singapore, Taiwan, Thailand and Vietnam) and Latin America (Argentina, Brazil, Colombia and Mexico) found that parents with children attending school online were more concerned about online safety than ones whose children attended school in-person.


As a father of three kids who use the internet in very different ways, instilling safe habits can be a challenge. So today, on Safer Internet Day, I would like to share some tips to address the top three parental concerns when it comes to keeping our children safe online. 


  1. Protect their digital identities.
    The privacy and security of their children’s information was the top concern of parents we surveyed. Parents cited concerns around scams or hacking of their child’s accounts. Here are some simple ways to safeguard your kids’ information: 


  • Teach your children how to choose strong passwords that cannot be easily guessed. Avoid simple passwords that use names, birthdates, or even favourite cartoon characters. And don’t forget to check your own passwords!

  • It is also useful to stick to platforms that have a strong reputation for user safety. For instance, using an email service like Gmail comes with built-in safety filters to detect phishing emails, blocking 99.9% of phishing attacks from ever reaching your inbox.


  1. Know who they talk to.
    Social isolation is a difficult outcome of the COVID-19 pandemic, and our children connect with their friends online, whether through messaging apps or voice chat while playing games. It is important for parents to be aware that these channels can also be used by ill-intentioned strangers to reach out to our children. Just as in real life, it is important to be aware of who our children talk to online. 


  • Try to talk to your kids about the games they play or the videos they watch, and also the people they play with online. I always remind my kids to come to me immediately if they face any situation online that makes them feel uncomfortable. In India, 74% of parents with children attending school online during the Covid-19 pandemic expressed increased concern about online safety. But interestingly, 34% or more than a third of parents interviewed have never spoken to their children about online safety. We need to work hard to reassure our children that we are here to guide and protect them. 

  • When assessing if a game is suitable for your child, it is important to check not only the content of the game, but also whether the app allows online communications with others. Some multiplayer games allow only a few options for social interaction, like a thumbs up rather than a text chat. This reduces risks of unwanted social interactions by quite a lot.

  1. Offer appropriate content at the appropriate age.
    The fear of children encountering inappropriate content has long been among the top concerns of parents in surveys. There are family safety features that parents can use to help guard their children from content that may not be suitable for their age. In India, our survey showed  that 71% of parents are currently using online family safety features. Here are some features that you can start using today: 


  • Turning on SafeSearch on Google helps filter out explicit content in Google’s search results for all searches, including images, videos and websites. SafeSearch is designed to help block explicit results like pornography from Google search results.

  • Manage your child’s device by creating a Google account for your child and using Family Link. This allows you to add filters on Google Search, block websites or only give access to the ones you allow or track the location of your child if they have their own device.

  • Many parental controls are available on YouTube Kids. You are able to limit screen time, only show videos that you approve or select suitable content based on the age of your child.


Some other time-tested tips include allowing children to use the internet only in common areas in the home such as the living room. But the tough part is leading by example!

At the end of the day, the core of our parenting journey lies in the relationships we build with our children. They require our guidance on the internet as much as they do in the real world. Tiring as 2020, and now 2021, has been, I am grateful that I have had more time with my family and to appreciate what each of them brings to my life.


Let’s work together to make the internet a safe place for our children to learn, create and explore.


Posted by Lucian Teo, Online Safety Education Lead

Google Supports Scams Awareness Week

This year, #scamsweek2020 comes at a time where many of us are spending more time at home, and are using a plethora of new apps and communications tools to work, learn, access information, and stay connected with loved ones.  We are joining the ACCC Scamwatch team this week to promote the importance of identifying and managing online security risks - some of which we do on your behalf without you even realising and some of which we ask you to make an informed decision about. 


When people first started staying home due to COVID-19 earlier this year, our advanced, machine-learning classifiers saw 18 million daily malware and phishing attempts related to COVID-19, in addition to more than 240 million COVID-related spam messages globally. Our security systems have detected a range of new scams circulating, such as phishing emails posing as messages from charities and NGOs, directions from “administrators” to employees working from home, and even notices spoofing healthcare providers. Our systems have also spotted malware-laden sites that pose as sign-in pages for popular social media accounts, health organisations, or even official coronavirus maps. 


To protect you from these risks, we've built advanced security protections into many Google products to automatically identify and stop threats before they ever reach you. Our machine learning models in Gmail already detect and block more than 99.9 percent of spam, phishing and malware. Our built-in security also protects you by alerting you before you enter fraudulent websites, by scanning apps in Google Play before you download, and more. But we want to help you stay secure everywhere online, not just on our products, so we’re providing these simple tips, tools and resources.



Know how to spot and avoid COVID-19 scams
With many of the COVID-19 related scams coming in the form of phishing emails, it’s important to pause and evaluate any COVID-19 email before clicking any links or taking other action. Be wary of requests for personal information such as your home address or bank details. Fake links often imitate established websites by adding extra words or letters to them—check the URL’s validity by hovering over it (on desktop) or with a long press (on mobile).

Tips to Avoid Common Scams

Use your company’s enterprise email account for anything work-related
Working with our enterprise customers, we see how employees can put their company’s business at risk when using their personal accounts or devices. Even when working from home, it’s important to keep your work and personal email separate. Enterprise accounts offer additional security features that keep your company’s private information private. If you’re unsure about your company’s online security safeguards, check with your IT professionals to ensure the right security features are enabled, like two-factor authentication.



Secure your video calls on video conferencing apps
The security controls built into Google Meet are turned on by default, so that in most cases, organisations and users are automatically protected. But there are steps you can take on any video conferencing app to make your call more secure:
  • Consider adding an extra layer of verification to help ensure only invited attendees gain access to the meeting.
  • When sharing a meeting invite publicly, be sure to enable the “knocking” feature so that the meeting organiser can personally vet and accept new attendees before they enter the meeting.
  • If you receive a meeting invite that requires installing a new video-conferencing app, always be sure to verify the invitation—paying special attention to potential imposters—before installing.



Install security updates when notified
When working from home, your work computer may not automatically update your security technology as it would when in the office and connected to your corporate network. It’s important to take immediate action on any security update prompts. These updates solve for known security vulnerabilities, which attackers are actively seeking out and exploiting.



Use a password manager to create and store strong passwords
With all the new applications and services you might be using for work and school purposes, it can be tempting to use just one password for all.  In fact, 69% of Aussies admit to using the same password across multiple accounts, despite 90% knowing that this presents a security risk. To keep your private information private, always use unique, hard-to-guess passwords. A password manager, like the one built into Android, Chrome, and your Google Account can help make this easier.



Protect your Google Account
If you use a Google Account, you can easily review any recent security issues and get personalised recommendations to help protect your data and devices with the Security Checkup. Within this tool, you can also run a Password Checkup to learn if any of your saved passwords for third party sites or accounts have been compromised and then easily change them if needed.


You should also consider adding two-steps verification (also known as two-factor authentication), which you likely already have in place for online banking and other similar services, to provide an extra layer of security. This helps keep out anyone who shouldn't have access to your accounts by requiring a secondary factor on top of your username and password to sign in. To set this up for your Google Account, go to g.co/2SV.


Posted by Samantha Yorke, Government Affairs and Public Policy Senior Manager, Google Australia

Helping you avoid COVID-19 online security risks

As people around the world are staying at home due to COVID-19, many are turning to new apps and communications tools to work, learn, access information, and stay connected with loved ones. 


While these digital platforms are helpful in our daily lives, they can also introduce new online security risks. Our Threat Analysis Group continually monitors for sophisticated hacking activity, and our security systems have detected a range of new scams such as phishing emails posing as messages from charities and NGOs battling COVID-19, directions from “administrators” to employees working from home, and even notices spoofing healthcare providers. During the past couple of weeks across the globe, our advanced machine-learning classifiers have seen 18 million daily malware and phishing attempts related to COVID-19, in addition to more than 240 million COVID-related spam messages. 


To protect you from these risks, we've built advanced security protections into Google products to automatically identify and stop threats before they ever reach you. Our machine learning models in Gmail already detect and block more than 99.9 percent of spam, phishing and malware. The security we have built into Chrome browser also protects you by alerting you before you enter fraudulent websites, Google Play Protect automatically scans apps and data on your Android device so that you have the latest in mobile security, and more. 

But we want to help you stay secure everywhere online, not just on our products, so we’re providing these simple tips, tools and resources.


Know how to spot and avoid COVID-19 scams


With many of the COVID-19 related scams coming in the form of phishing emails, it’s important to pause and evaluate any COVID-19 related email before clicking any links or taking other actions. Be wary of requests for personal information such as your home address or bank details. Fake links often imitate established websites by adding extra words or letters to them—check the URL’s validity by hovering over it (on desktop) or with a long press (on mobile). See the image below for a few key tips to be aware of.
 


These tips are also available online on Google Safety center at g.co/covidsecuritytips in Hindi and English, with more Indian languages being added in the coming weeks. You can also download these tips as handy one-pagers (for Hindi and English.) 




Use a password manager to create and store strong passwords



With all the new applications and services you might be using for work and school purposes, it can be tempting to use just one password for all. To keep your private information private, always use unique, hard-to-guess passwords. A password manager, like the one built into Android, Chrome, and your Google Account can help make this easier.


Protect your Google Account


If you use a Google Account, you can easily review any recent security issues and get personalized recommendations to help protect your data and devices with the Security Checkup. Within this tool, you can also run a Password Checkup to learn if any of your saved passwords for third party sites or accounts have been compromised, and then easily change them if needed.


You should also consider adding two-step verification (also known as two-factor authentication), which you likely already have in place for online banking and other similar services, to provide an extra layer of security. This helps keep out anyone who shouldn’t have access to your accounts by requiring a secondary factor on top of your username and password to sign in. To set this up for your Google Account, go to g.co/2SV. And if you’re someone who is at risk of a targeted attack—like a journalist, activist, politician or a high profile healthcare professional—enroll in the Advanced Protection Program, our strongest security offering, at g.co/advancedprotection.

Our teams continue to monitor the evolving online security threats connected to COVID-19 so that we can keep you informed and protected. For more tips to help you improve your online security, visit our Safety Center.

Posted by Saikat Mitra, Director - Trust & Safety