Tag Archives: Safety & Security

6 new features on Android this summer

From keeping your account password safe to scheduling text messages to send at the right moment, we’re constantly rolling out new updates to the 3 billion active Android devices around the world. Today, we’re welcoming summer with six updates for your Android that focus on safety  — so you’re protected at every turn.


1. Android Earthquake Alerts System is rolling out globally

Earthquake alert screen that clicks through to an earthquake safety info screen

Last year, we embarked on a mission to build the world’s largest earthquake detection network, based on technology built into Android devices. With this free system, people in affected areas can get alerts seconds before an earthquake hits, giving you advance notice in case you need to seek safety. We recently launched the Android Earthquake Alerts System in New Zealand and Greece. Today, we’re introducing the Android Earthquake Alerts System in Turkey, the Philippines, Kazakhstan, Kyrgyz Republic, Tajikistan, Turkmenistan and Uzbekistan.

We are prioritizing launching Earthquake Alerts in countries with higher earthquake risks, and hope to launch in more and more countries over the coming year.


2. Star what’s important with the Messages app

With tons of messages from family, friends, colleagues and others, it’s easy for information to get lost. Now, you can star a message on your Messages app to keep track of what’s important, and easily find it later without scrolling through all of your conversations. Just tap and hold your message, then star it. And when you want to revisit a message, like your friend’s address or the photo from your family reunion, tap on the starred category. 


Starred messages will start to roll out more broadly over the coming weeks.


3. Find the perfect Emoji Kitchen sticker at the perfect time

After typing a message, relevant emoji mixes are proactively displayed at the top of the keyword

In May, we introduced a new section in your recently used Emoji Kitchen stickers so you can quickly get back to the ones you use most frequently. Soon you’ll also start to see contextual suggestions in Emoji Kitchen once you’ve typed a message. These will help you discover the perfect emoji combination at the exact moment you need it.


Contextual Emoji Kitchen suggestions are available in Gboard beta today and are coming to all Gboard users this summer for messages written in English, Spanish and Portuguese on devices running Android 6.0 and above.


4. Access more of your favorite apps with just your voice

Ask Google to open or search many of your favorite apps using just your voice — you can say things like,  “Hey Google, pay my Capital One bill” to jump right into the app and complete the task or “Hey Google, check my miles on Strava” to quickly see your weekly progress right on the lock screen. See what else you can do by saying “Hey Google, shortcuts.” 


5. Improved Password Input and gaze detection on Voice Access

A gaze detection icon on a screen changes from crossed out to active when a character turns its head towards the device to speak the "scroll down" command in Voice Access

Built with and for people with motor disabilities, and helpful for those without, Voice Access gives you quick and efficient phone and app navigation with just your voice.


With gaze detection, now in beta, you can ask Voice Access to work only when you are looking at the screen — so you can naturally move between talking to friends and using your phone. 


Voice Access now has enhanced password input. When it recognizes a password field, it will let you input letters, numbers and symbols. For example, you can say “capital P a s s w o r d” or names of symbols (like “dollar sign” to input a $), so it’s faster to safely enter your password.


6. More customization and new app experiences on Android Auto

After a user taps on the Messages app icon and + New, Google Assistant is activated to help send a new message from the launcher screen

You can now customize more of your Android Auto experience for easier use, like personalizing your launcher screen directly from your phone and manually setting dark mode. It’s also easier to browse content with new tabs in your media apps, a “back to top” option and an A to Z button in the scroll bar. And, if it’s your first time using Android Auto, you can now get started faster in your car with a few simple taps.


We’ve also added new app experiences to help enhance your drive. EV charging, parking and navigation apps are now available to use in Android Auto. Plus, we’ve improved the messaging experience, so you can access your favorite messaging apps  from the launcher screen. You can easily read and send new messages directly from apps like WhatsApp or Messages — now available globally. 


These Android Auto features are available on phones running Android 6.0 or above, and when connected to your compatible car.

Our commitments for the Privacy Sandbox

We all expect a more private and secure web. The Privacy Sandbox initiative aims to help build it by developing new digital advertising tools to protect people’s privacy and prevent covert tracking, while supporting a thriving ad-funded web. From the start of this project, we have been developing these tools in the open, and sought feedback at every step to ensure that they work for everyone, not just Google. As many publishers and advertisers rely on online advertising to fund their websites, getting this balance right is key to keeping the web open and accessible to everyone. 


So when the United Kingdom’s Competition and Markets Authority (CMA) announced its formal investigation of the Privacy Sandbox in January, we welcomed the opportunity to engage with a regulator with the mandate to promote competition for the benefit of consumers. 


This process has also recognized the importance of reconciling privacy and competition concerns. In a first-of-its-kind review involving converging regulatory authorities and expertise, the United Kingdom’s privacy regulator, the Information Commissioner’s Office (ICO), is working collaboratively with, and providing direct input to, the CMA on Google’s approach.


Today we are offering a set of commitments — the result of many hours of discussions with the CMA and more generally with the broader web community — about how we’ll design and implement the Privacy Sandbox proposals and treat user data in Google’s systems in the years ahead. The CMA is now asking others in the industry for feedback on these commitments as part of a public consultation, with a view to making them legally binding. If the CMA accepts these commitments, we will apply them globally. 


The commitments


Consultation and collaboration  

Throughout this process, we will engage the CMA and the industry in an open, constructive and continuous dialogue. This includes proactively informing both the CMA and the wider ecosystem of timelines, changes and tests during the development of the Privacy Sandbox proposals, building on our transparent approach to date. We will work with the CMA to resolve concerns and develop agreed parameters for the testing of new proposals, while the CMA will be getting direct input from the ICO.  


No data advantage for Google advertising products 

Google has always had policies and practices to safeguard the use of people’s data. And we have explicitly stated that once third-party cookies are phased out, we will not build alternate identifiers to track individuals as they browse across the web, nor will we use such identifiers in our products. 


Building on this principle, the commitments confirm that once third-party cookies are phased out, our ads products will not access synced Chrome browsing histories (or data from other user-facing Google products) in order to track users to target or measure ads on sites across the web. 


Further, our ads products will also not access synced Chrome browsing histories or publishers' Google Analytics accounts to track users for targeting and measuring ads on our own sites, such as Google Search. 


No self-preferencing

We will play by the same rules as everybody else because we believe in competition on the merits. Our commitments make clear that, as the Privacy Sandbox proposals are developed and implemented, that work will not give preferential treatment or advantage to Google’s advertising products or to Google’s own sites. 


What’s next

We appreciate the CMA’s thoughtful approach throughout the review and their engagement with the difficult trade-offs that this process inevitably involves. We also welcome feedback from the public consultation and will continue to engage with the CMA and with the industry on this important topic. We understand that our plans will be scrutinized, so we’ll also continue to engage with other regulators, industry partners and privacy experts as well. 


We believe that these kinds of investments in privacy will create more opportunity, not less. The Privacy Sandbox seeks a way forward that improves people’s privacy online while ensuring that advertisers and publishers of all sizes can continue to succeed.


Source: Google Chrome


How Google supports today’s critical cybersecurity efforts

The past six months have seen some of the most widespread and alarming cyber attacks against our digital infrastructure in history — against public utilities, private sector companies, government entities and people living in democracies around the world. Attacks by nation-states and criminals are increasingly brazen and effective, penetrating even widely used products and services that are supposed to keep you safe.

We are deeply concerned by these trends. Security is the cornerstone of our product strategy, and we’ve spent the last decade building infrastructure and designing products that implement security at scale: every day Gmail blocks more than 100 million phishing attempts that never reach you. Google Play Protect scans over 100 billion apps for malware and other issues. We strive to deliver the most trusted cloudin the industry.  And we have dedicated teams like Project Zero who focus on finding and fixing vulnerabilities across the web to make the internet safer for all of us. 

Our security-first approach builds on awareness of an evolving threat environment, industry-wide information sharing, and the leadership of the international security community. We welcome growing efforts by governments around the world to address cybersecurity challenges. The recent cyber attacks create an opportunity to improve international cooperation and collaboration on areas of common concern. 

In the United States, we are committed to supporting the most recent White House Cybersecurity Executive Order, which makes critical strides to improve America’s cyber defenses in three key areas: 


Modernization and security innovation 

One of the most promising aspects of the U.S. government’s approach is to set agencies and departments on a path to modernize security practices and strengthen cyber defenses across the federal government. We strongly support modernizing computing systems, making security simple and scalable by default, and adopting best practices like zero trust frameworks. As we saw with SolarWinds and the Microsoft Exchange attacks, proprietary systems and restrictions on interoperability and data portability can amplify a network’s vulnerability, helping attackers scale up their efforts. Being tied to a single legacy system also keeps public sector agencies and businesses from taking advantage of the latest cloud-based security solutions. 

Modern systems create the ability to make frequent security updates and changes safely, a critical part of cyber-defense for both the government and private sector. If we are going to solve big security problems, we need to move beyond security band-aids to eliminating entire classes of vulnerabilities, like the risk of clicking on bad links


Secure software development

The U.S. government’s call to action to secure software development practices could bring about the most significant progress on cybersecurity in a decade and will likely have a significant long-term impact on government risk postures. 

At Google, we’ve emphasized securing the software supply chain and we’ve long built technologies and advocated for standards that enhance the integrity and security of software. We continue to work with the U.S. Commerce Department on these issues and support their effort to develop and share best practices. 

Public-private partnerships

In the last few weeks, ransomware attacks have targeted our schools, hospitals, oil pipelines and food supply. Meaningful improvement in cybersecurity will require the public and private sectors to work together in areas like sharing information on cyber threats; developing a comprehensive, defensive security posture to protect against ransomware; and coordinating how they identify and invest in next-generation security tools. 

We are committed to advancing our collective cybersecurity. We have had to block many attacks, including some from nation-states.  Those experiences have given us insights into what works in practice, so our government and private-sector customers don’t have to tackle these issues on their own or depend on the same enterprise technology that created the issues in the first place. Governments need industry-wide support and we are ready and willing to do our part.

We look forward to expanding our work with the United States and other governments, as well as with private sector partners, to develop security technologies and standards that make us all safer. 


Fix your passwords in Chrome with a single tap

Memorizing passwords is hard. That's why many of us use the same password across multiple sites. But this practice poses a huge risk, since it only takes one password breach to expose your account data from many different sites.

Not only that: changing passwords is itself a tedious task. You have to navigate to the site, sign in, find the account settings, open the password page — and then save it. Rinse and repeat on all your favorite sites, and that's a lot of work.

The good news is that Chrome comes with a strong password manager built-in. It's been checking the safety of your passwords for a while now. And starting today, whenever Chrome detects a breach, it can also fix any compromised passwords quickly, and safely.

Warning you about stolen passwords — and fixing them, too

Going forward, Chrome will help you change your passwords with a single tap. On supported sites, whenever you check your passwords and Chrome finds a password that may have been compromised, you will see a "Change password" button from Assistant. When you tap the button, Chrome will not only navigate to the site, but also go through the entire process of changing your password.  

Animation showing how Chrome will help you change stolen passwords automatically.

Going forward, Chrome will help you change compromised passwords automatically.

Importantly, you can control the entire experience and choose to go through the change password process manually from the start, or at any point during the process. And even if a site isn’t supported yet, Chrome’s password manager can always help you create strong and unique passwords for your various accounts.

Building on Duplex on the Web technology

Under the hood, Chrome is using Duplex on the Web to power this feature. We first introduced this technology in 2019 so that  Google Assistant could help you complete tasks on the web, like buying movie tickets. Since then, we’ve expanded to even more tasks, now helping millions of people every week order food and check in to flights. Powered by Duplex on the Web, Assistant takes over the tedious parts of web browsing: scrolling, clicking and filling forms, and allows you to focus on what’s important to you. And now we’re expanding these capabilities even further by letting you quickly create a strong password for certain sites and apps when Chrome determines your credentials have been leaked online. 

Expanding to more sites and apps soon

Automated password changes are rolling out gradually in Chrome on Android, to users who sync their passwords. It's starting in the U.S., and will become available on more sites and more countries in the coming months. 

Hallo from Munich 

Password generation, password leak checks, automated password changes and many more safety features were developed at the Google Safety Engineering Center (GSEC), a hub of privacy and security product experts and engineers based in Munich, which opened in 2019. GSEC is home to the engineering teams who work to deliver the safest personal browser experience to everyone, and we look forward to bringing more new features to strengthen the privacy and security of Chrome in 2021. 

Fix your passwords in Chrome with a single tap

Memorizing passwords is hard. That's why many of us use the same password across multiple sites. But this practice poses a huge risk, since it only takes one password breach to expose your account data from many different sites.

Not only that: changing passwords is itself a tedious task. You have to navigate to the site, sign in, find the account settings, open the password page — and then save it. Rinse and repeat on all your favorite sites, and that's a lot of work.

The good news is that Chrome comes with a strong password manager built-in. It's been checking the safety of your passwords for a while now. And starting today, whenever Chrome detects a breach, it can also fix any compromised passwords quickly, and safely.

Warning you about stolen passwords — and fixing them, too

Going forward, Chrome will help you change your passwords with a single tap. On supported sites, whenever you check your passwords and Chrome finds a password that may have been compromised, you will see a "Change password" button from Assistant. When you tap the button, Chrome will not only navigate to the site, but also go through the entire process of changing your password.  

Animation showing how Chrome will help you change stolen passwords automatically.

Going forward, Chrome will help you change compromised passwords automatically.

Importantly, you can control the entire experience and choose to go through the change password process manually from the start, or at any point during the process. And even if a site isn’t supported yet, Chrome’s password manager can always help you create strong and unique passwords for your various accounts.

Building on Duplex on the Web technology

Under the hood, Chrome is using Duplex on the Web to power this feature. We first introduced this technology in 2019 so that  Google Assistant could help you complete tasks on the web, like buying movie tickets. Since then, we’ve expanded to even more tasks, now helping millions of people every week order food and check in to flights. Powered by Duplex on the Web, Assistant takes over the tedious parts of web browsing: scrolling, clicking and filling forms, and allows you to focus on what’s important to you. And now we’re expanding these capabilities even further by letting you quickly create a strong password for certain sites and apps when Chrome determines your credentials have been leaked online. 

Expanding to more sites and apps soon

Automated password changes are rolling out gradually in Chrome on Android, to users who sync their passwords. It's starting in the U.S., and will become available on more sites and more countries in the coming months. 

Hallo from Munich 

Password generation, password leak checks, automated password changes and many more safety features were developed at the Google Safety Engineering Center (GSEC), a hub of privacy and security product experts and engineers based in Munich, which opened in 2019. GSEC is home to the engineering teams who work to deliver the safest personal browser experience to everyone, and we look forward to bringing more new features to strengthen the privacy and security of Chrome in 2021. 

More ways we’re making every day safer with Google

Every day, we focus on making sure you’re in control of your data by building products that are secure by default and private by design. At this year’s I/O, we’re introducing new features and technologies to keep you safer with Google.

Putting you in control of your data

Privacy is personal. That's why we make it easy for you to choose thesettings that are right for you — whether that’s one place to manage settings in your Google Account, Auto-Delete options, or controls that appear in context when you’re using our products. We announced a number of new controls today: 

  • Quick delete in Search.We’re introducing a new, “quick delete” option to delete the last 15 minutes of your Search history with a single tap from the Google Account Menu.
  • A passcode protected Locked Folder in Photos.Have you ever handed your phone to show someone a photo, but worried they might scroll to a personal or sensitive image — like a photo of your passport or a surprise gift? “Locked Folder” is a new feature in Google Photos —  a passcode-protected space where select photos can be saved separately. These photos won’t show up as you scroll through your grid or in shared albums. This feature is coming to Google Pixels first, and more Android devices throughout the year.
  • Location History reminders in your Maps Timeline.Now, when you see places you've visited in your Timeline, we'll remind you that it's because you turned on Location History — which you can easily turn off right there in your Timeline.

We’re also introducing new, industry-leading transparency and permission features on Android 12. The new OS includes a Privacy Dashboard where you will see a timeline of when apps accessed your camera, microphone, or device location. We’ve also added indicators that show when your camera or microphone are in use, as well as easy toggles to disable access to both across your device. And you can now choose to share your approximate location with an app instead of a precise one. 

Building products that are secure by default

As recent high-profile third-party security incidents show, your information isn’t private if it’s not secure. With AI-driven technologies that protect billions of users around the world, our products are secure by default: every day, we block 100 million phishing attempts and 15 billion spam messages in Gmail and encrypt 4 billion photos. And Safe Browsing on Chrome and most other browsers helps keep the rest of the Internet secure, automatically protecting more than 4 billion devices.

One of the biggest security risks is still the continued reliance on passwords — they’re often easy to crack, used across multiple sites, or stolen in phishing attacks. That’s why we’ve been working towards a password-free future — focusing on safer ways to authenticate your identity and building multiple layers of protection into your Google Account, like automatic enrollment in 2-step verification.

But because passwords are still required for most online accounts, we’ve also continued to improve our Password Manager, built directly into Chrome, Android and now iOS, to help you create, remember, save and auto-fill passwords across the web. Today, we announced new enhancements to Password Manager:

  • A new tool that makes it easy to import passwords from other password managers.
  • Deeper integrations with Chrome and Android to seamlessly fill your passwords across sites and apps, regardless of whether you’re on desktop or on mobile.
  • Password Alerts that automatically warn you if we detect one of your saved passwords has been compromised via a third party breach.
  • A smart way to fix compromised passwords in Chrome with a simple tap. For supported sites and apps, whenever Password Manager finds a password that may have been compromised, you’ll see a "change password" button from Assistant. When you tap the button, the Assistant will not only navigate to the site, but also go through the entire process of changing your password. This feature is available on Android devices and will be rolling out to more sites and apps in the future.


Making our products private by design

We’ve pioneered new computing technologies like Federated Learning (invented by Google researchers in 2016) that make it possible to deliver helpful experiences while protecting individual data and privacy. We’ve also led on DifferentialPrivacy, which powers some of our most helpful features and products, from our COVID-19 Community Mobility Reports to traffic predictions in Maps, without revealing individual user data. And this expertise guides our work on broader industry initiatives, like the open-source Privacy Sandbox.

Now, we’re continuing that work with Android's Private Compute Core, which keeps your information safe and private for a number of popular AI-driven features like Live Caption (which displays captions based on audio), Now Playing (which tells you the song that’s playing) and Smart Reply (which suggests short responses to messages and emails). For these features, the audio and language processing happens exclusively on your device. Like the rest of Android, Private Compute Core is open source — it’s fully inspectable and verifiable by the security community.

We’ll continue our work to make every day safer with Google with new controls, advanced security, and privacy-preserving technologies.

More ways we’re making every day safer with Google

Every day, we focus on making sure you’re in control of your data by building products that are secure by default and private by design. At this year’s I/O, we’re introducing new features and technologies to keep you safer with Google.

Putting you in control of your data

Privacy is personal. That's why we make it easy for you to choose thesettings that are right for you — whether that’s one place to manage settings in your Google Account, Auto-Delete options, or controls that appear in context when you’re using our products. We announced a number of new controls today: 

  • Quick delete in Search.We’re introducing a new, “quick delete” option to delete the last 15 minutes of your Search history with a single tap from the Google Account Menu.
  • A passcode protected Locked Folder in Photos.Have you ever handed your phone to show someone a photo, but worried they might scroll to a personal or sensitive image — like a photo of your passport or a surprise gift? “Locked Folder” is a new feature in Google Photos —  a passcode-protected space where select photos can be saved separately. These photos won’t show up as you scroll through your grid or in shared albums. This feature is coming to Google Pixels first, and more Android devices throughout the year.
  • Location History reminders in your Maps Timeline.Now, when you see places you've visited in your Timeline, we'll remind you that it's because you turned on Location History — which you can easily turn off right there in your Timeline.

We’re also introducing new, industry-leading transparency and permission features on Android 12. The new OS includes a Privacy Dashboard where you will see a timeline of when apps accessed your camera, microphone, or device location. We’ve also added indicators that show when your camera or microphone are in use, as well as easy toggles to disable access to both across your device. And you can now choose to share your approximate location with an app instead of a precise one. 

Building products that are secure by default

As recent high-profile third-party security incidents show, your information isn’t private if it’s not secure. With AI-driven technologies that protect billions of users around the world, our products are secure by default: every day, we block 100 million phishing attempts and 15 billion spam messages in Gmail and encrypt 4 billion photos. And Safe Browsing on Chrome and most other browsers helps keep the rest of the Internet secure, automatically protecting more than 4 billion devices.

One of the biggest security risks is still the continued reliance on passwords — they’re often easy to crack, used across multiple sites, or stolen in phishing attacks. That’s why we’ve been working towards a password-free future — focusing on safer ways to authenticate your identity and building multiple layers of protection into your Google Account, like automatic enrollment in 2-step verification.

But because passwords are still required for most online accounts, we’ve also continued to improve our Password Manager, built directly into Chrome, Android and now iOS, to help you create, remember, save and auto-fill passwords across the web. Today, we announced new enhancements to Password Manager:

  • A new tool that makes it easy to import passwords from other password managers.
  • Deeper integrations with Chrome and Android to seamlessly fill your passwords across sites and apps, regardless of whether you’re on desktop or on mobile.
  • Password Alerts that automatically warn you if we detect one of your saved passwords has been compromised via a third party breach.
  • A smart way to fix compromised passwords in Chrome with a simple tap. For supported sites and apps, whenever Password Manager finds a password that may have been compromised, you’ll see a "change password" button from Assistant. When you tap the button, the Assistant will not only navigate to the site, but also go through the entire process of changing your password. This feature is available on Android devices and will be rolling out to more sites and apps in the future.


Making our products private by design

We’ve pioneered new computing technologies like Federated Learning (invented by Google researchers in 2016) that make it possible to deliver helpful experiences while protecting individual data and privacy. We’ve also led on DifferentialPrivacy, which powers some of our most helpful features and products, from our COVID-19 Community Mobility Reports to traffic predictions in Maps, without revealing individual user data. And this expertise guides our work on broader industry initiatives, like the open-source Privacy Sandbox.

Now, we’re continuing that work with Android's Private Compute Core, which keeps your information safe and private for a number of popular AI-driven features like Live Caption (which displays captions based on audio), Now Playing (which tells you the song that’s playing) and Smart Reply (which suggests short responses to messages and emails). For these features, the audio and language processing happens exclusively on your device. Like the rest of Android, Private Compute Core is open source — it’s fully inspectable and verifiable by the security community.

We’ll continue our work to make every day safer with Google with new controls, advanced security, and privacy-preserving technologies.

Telegraphing the future of security

This week at the annual RSA Conference, we will hear from industry leaders on a wide range of issues, from the supply chain security crisis to breach disclosure notifications. While it’s important to talk about where we have been and what is happening in the industry right now, it is equally as important to think about where we need to go.


At Google, that means creating a safer Internet that is more secure for the next billion users. 


In order to create a safer Internet, our engineers, technologists and product teams look at what we know today and think about how it will change tomorrow – from analyzing trends in attacker methods, to shifts in the threat landscape, to new technologies – and we use those insights to chart the path ahead. 


We recently asked security experts across Google to telegraph the future of security, here’s a glimpse at their insights:

What do you think the biggest security challenge will be in 10 years? 

Royal cartoon image

“Shifting the focus of security from the technical hygiene of code and configuration to self defending data will save time and resources while unlocking rapid and safe innovation. 


Defense in depth and the control design we have learned from engineering methodologies will finally catch up to the dynamic nature of software. The better analogies will become biological - the immune system or the combination of organ systems like circulatory and respiratory.  Independent and constantly evolving but stronger operating together in the same superorganism.” - Royal Hansen, Vice President, Security 

Camille cartoon image

“Developing a global, unified framework for operating in cyberspace will be the biggest security challenge we face in 10 years. 


Data points to the positive effects of standards on innovation and collaboration, specifically through increased interoperability and reduced information inequality. We need to rethink how digital security standards are developed and operationalized, with an emphasis on the root challenge we seek to solve.” - Camille Stewart, Global Head of Product Security Strategy, Google
Vint cartoon image

“Securing open source software will be the biggest security challenge we face in 10 years.


Over the next decade, the heavy use of open source software by billions of devices that fall into the ‘Internet of Things’ category, will cause the number of vulnerabilities to scale dramatically and outpace our ability to fix them before they are exploited.


For too long it has been assumed that open source software is inherently more secure due to its openness – the thought that multiple people were using it, reviewing it and verifying it. That mindset must shift. “ - Vint Cerf, Chief Internet Evangelist  

Toni cartoon image

“Complexity will be the greatest challenge we face.


So much of what we have to secure are systems made up of other systems. All of those seams increase the opportunity for attacks. This will only ring more true in 10 years when there are projected to be over 25 billion connected devices.” - Toni Gidwani,  Security Engineering Manager, Threat Analysis Group


Where do you think the security industry will be in 10 years?

Mark cartoon image

“Phishing will no longer be a successful attack vector for bad actors. Passwords will be a thing of the past as we see widespread adoption of a secure by default framework.


Our advancements in authentication and verification technology will completely transform how users sign in to their accounts, moving from a sea of passwords to continuous, device-based authentication that seamlessly connects us to our content wherever we are." - Mark Risher, Director of Product Management, Identity and User Security
Sunil cartoon image

“Security will be nearly invisible for all users and many of the standalone security tools will disappear. This will be a result of advanced security technologies being built into devices and platforms by default, instead of bolted on as an afterthought. 


We will also see computing platforms based on simpler, similar models that will make them easier to protect, update and support – leading to democratization of security operations and ultimately breaking down the security talent shortage problem.” - Sunil Potti, Vice President and General Manager of Cloud Security

Mark cartoon image

“In 10 years, Private Computing will be ubiquitous. 


Most folks are aware of end-to-end encryption in private messaging and documents — this allows users to retain exclusive control over their private information and reduces risk from breaches and attacks, including ransomware. But the same concept applies to most aspects of personal digital technology, from home healthcare to photos to your private social network feeds. Delivering helpful, delightful, and safe user experiences - within the Private Computing model - is arguably the most important challenge for the tech world to embrace, today.” - Dave Kleidermacher,  Vice President, Engineering, Android Security & Privacy

If you could make one immediate change to security what would it be?

Phil cartoon image

“Risk transparency – organizations need real-time business context for security data. 


Mapping security issues to business context to determine a risk level is a time consuming process. This delay ultimately leaves organizations at more risk for a security incident. 


The good news is that change is on the horizon. Cloud makes risk transparency easier today, from well-lit security paths, declarative approaches like configuration as code and more precise inventories and diagnostics.” - Phil Venables, Chief Information Security Officer at Google Cloud
Jeannette cartoon image

“Expedite IT modernization across governments globally to keep pace with the evolving threat landscape. 


Achieving this would improve productivity, increase costs savings, enhance performance and ensure security every step of the way. Rather than continuing to invest in outdated security models, it’s time governments around the world explored options like a multi-vendor ecosystem and zero-trust security principles that allow for flexibility and innovation.” - Jeanette Manfra, Director for Risk and Compliance at Google Cloud


Mark cartoon image

“Build security and digital literacy into the curriculum of every school program globally. 

We need to solve the lack of understanding of the complex digital ecosystems in which we live our lives and address the cybersecurity skills and talent gap.” - Mark Johnston, Head of Security at Google Cloud , Asia- Pacific

Maddie cartoon image

“If I could make an immediate change to security, I'd have end user security and privacy be a requirement for all devices. 

There aren't exceptions made for early versions or the less expensive product, security and privacy is a requirement, just like seat belts in cars.”  - Maddie Stone, Security Researcher, Project Zero 


A simpler and safer future — without passwords

You may not realize it, but passwords are the single biggest threat to your online security – they’re easy to steal, they’re hard to remember, and managing them is tedious. Many people believe that a password should be as long and complicated as possible – but in many cases, this can actually increase the security risk. Complicated passwords tempt users into using them for more than one account; in fact, 66% of Americans admit to using the same password across multiple sites, which makes all those accounts vulnerable if any one falls. 


In 2020, searches for “how strong is my password” increased by 300%. Unfortunately, even the strongest passwords can be compromised and used by an attacker – that’s why we invested in security controls that prevent you from using weak or compromised passwords. 


At Google, keeping you safe online is our top priority, so we continuously invest in new tools and features to keep your personal information safe, including your passwords. 

 

On World Password Day,  we’re sharing how we are already making password management easier and safer, and we’re providing a sneak peek at how our continued innovation is creating a future where one day you won’t need a password at all. 


Keeping Your Google Sign In Safer

One of the best ways to protect your account from a breached or bad password is by having a second form of verification in place – another way for your account to confirm it is really you logging in. Google has been doing this for years, ensuring that your Google Account is protected by multiple layers of verification.


Today we ask people who have enrolled in two-step verification (2SV) to confirm it’s really them with a simple tap via a Google prompt on their phone whenever they sign in. Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured. (You can check the status of your account in our Security Checkup).  Using their mobile device to sign in gives people a safer and more secure authentication experience than passwords alone.


We are also building advanced security technologies into devices to make this multi-factor authentication seamless and even more secure than a password. For example, we’ve built our security keys directly into Android devices, and launched our Google Smart Lock app for iOS, so now people can use their phones as their secondary form of authentication. 

image of second step authentication Google sign in form


Keeping Your Passwords Safer Everywhere 


For as long as passwords remain a part of your digital life, through the apps you use and the websites you access, we will continue to innovate and develop new products and technologies that make managing them easy, and most importantly secure by default.


Our Password Manager, built directly into ChromeAndroid and now iOS, uses the latest security technology to protect your passwords across all the sites and apps you use. It makes it easier to create and use complex and unique passwords, without the need to remember or repeat them. Every time you go to a site or sign in to an app while logged into your Google Account, Password Manager can automatically populate your secure password. Password Manager is also integrated into our single-click Google Security Checkup — which tells you if any of your passwords have been compromised, if you are reusing passwords across different sites, and the strength of your passwords. We also automatically inform you if your password has been compromised, so you can make a quick and easy change to keep your information safe. 

video on how to upload passwords into Password Manager

We’ve recently launched our new Password Import feature which allows people to easily upload up to 1,000 passwords at a time from various third party sites into our Password Manager (for free).  By taking this step you can ensure that all of your passwords are protected by our advanced security and privacy technology. 


Features like Password Import, Password Manager and Security Checkup — combined with authentication products like Sign-in with Google — reduce the spread of weak credentials. All are examples of how we're working to make your online experience safer and easier—not just on Google, but across the web. 


One day, we hope stolen passwords will be a thing of the past, because passwords will be a thing of the past, but until then Google will continue to keep you and your passwords safe. Visit our Safety Center to learn all the ways we’re making every day safer online.

Introducing Android Earthquake Alerts outside the U.S.

In a natural disaster or emergency, every second counts. For example, when it comes to earthquakes, studies show that more than 50% of injuries can be prevented if users receive an early warning, and have the critical seconds needed to get to safety. That's why last year, we launched the Android Earthquake Alerts System, which uses sensors in Android smartphones to detect earthquakes around the world. The free system provides near-instant information to Google Search about local seismic events when you search “Earthquake near me.”


Today we’re announcing an expansion of the Android Earthquake Alerts System that uses both the detection and alerts capabilities, bringing these alerts to Android users in countries that don’t have early warning alert systems. We’re introducing the Android Earthquake Alerts System in Greece and New Zealand, where Android users will receive automatic early warning alerts when there is an earthquake in their area. Users who do not wish to receive these alerts can turn this off in device settings.


We launched alerting in August 2020, in partnership with the United States Geological Survey (USGS) and powered by ShakeAlert®, which made alerts available for Android users in California. This feature recently expanded to users in Oregon and will be rolling out in Washington this May. 


Early warning alerts in New Zealand and Greece work by using the accelerometers built into most Android smartphones to detect seismic waves that indicate an earthquake might be happening. If the phone detects shaking that it thinks may be an earthquake, it sends a signal to our earthquake detection server, along with a coarse location of where the shaking occurred. The server then takes this information from many phones to figure out if an earthquake is happening, where it is and what its magnitude is.


New Zealand and Greece will be the first countries to take advantage of both the detection and alert capabilities of the Android Earthquake Alerts System. Through this system, we hope to provide people with the advance notice they need to stay safe.


Source: Android