Here Are Google’s Best Account Security Practices
Wherever you go, someone is giving advice on account security and privacy. While it never hurts to be reminded of all the ways to protect your sensitive data, have you ever wondered if any of the various security measures you are taking are effective?
Google did just that, and it teamed up with researchers at New York University and UC San Diego to analyze over 350,000 different account hacking attempts and see how well some of its most basic account security suggestions were protecting accounts. users. It turns out that even the simplest techniques – in Pokemon parlance – are super effective !
For example, consider the simplest security option you can use with your Google account: adding your phone number as a ” recovery phone ” so Google can text you if your account looks suspicious. Do that, and Google’s research on large-scale attacks is pretty clear.
“We found that the SMS sent to the recovery phone number helped block 100% of automated bots, 96% of massive phishing attacks and 76% of targeted attacks,” a Google blog post said .
Sign up for an on-device prompt that requires an attacker to have physical access to your smartphone or tablet to authenticate a login request instead of intercepting your SMS messages or spoofing your SIM, making it even more difficult for them to hack into your account. According to Google research statistics, on-device tips prevented all automated bot attacks, 99 percent of “massive phishing attacks” and even more targeted attacks (90 percent) than if you simply used SMS-based authentication (76 percent mentioned above).
Unsurprisingly, security keys (also known as hardware tokens) are considered the safest measure you can use to prevent many different hacking attempts, blocking 100% of the attacks reported in Google’s research. On the other hand, simply entering a piece of information about yourself to authenticate to your account, such as an alternate email address you use or your phone number, has generally not been as effective (except for automated bot attacks).
However, not every website or service you use works well with a hardware token. Instead, we’re big fans of the Authy iOS and Android app, which makes it easy to access your two-factor authentication login codes across all the sites you use them on. 1Password’s password management system is also a great option for managing 2FA codes on your sites, and its Watchtower feature is great for seeing which sites you visit often, even if they support 2FA at all.
There is no reason you shouldn’t use this – or at least an SMS-based call – for every login, and Google research only further highlights why this is so important to account security.