Tweet
While it may be frustrating to have to remember multitudes of passwords, have your accounts linked to your mobile number, or set up two-factor authentication, Google has released data showing just how effective some of these security techniques truly are.
Googleās Security Blog has published research on the effectiveness of ābasic account hygieneā, finding that āsimply adding a recovery phone number to your Google Account can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks that occurred during [the] investigationā.
The research was formulated from two different studies, conducted in conjunction with the New York University and the University of California, San Diego, focusing on wide-scale attacks and targeted attacks respectively.
[ul]
[li]A look inside Googleās security team[/li][/ul]
The blog post details the automatic account security measures that Google employs ā these include āknowledge-based challengesā such as verifying the last sign-in location of your device, the associated phone number and secondary email addresses.
While these weaker challenges prove successful in blocking most automated bot attacks, they are significantly weaker against both bulk phishing and targeted attacks.
[IMG alt="q2rShRSjqqP5wyyyNo2kQV" width="690px" height="400px"]https://cdn.mos.cms.futurecdn.net/q2rShRSjqqP5wyyyNo2kQV.jpg[/IMG]
Image credit: Google
However, ādevice-based challengesā thwarted almost every automated or bulk phishing attack that was thrown up against it, and performed considerably better against targeted attacks.
These challenges include sending an SMS code or an on-device prompt to your associated mobile device, or alternatively using a designated security key such as YubiKey or Googleās own Security Key, which was the only method tested that had a 100% prevention rate across the board.
[ul]
[li]Yubico launches Security Key NFC and previews Yubikey for Lightning[/li][li]Google reveals its super-secure Security Key[/li][/ul]
On the flipside, Google recognized that there is an inherent downside to requiring a recovery number or associated device ā āin an experiment, 38% of users did not have access to their phone when challenged. Another 34% of users could not recall their secondary email addressā. This, alongside the āadditional frictionā introduced by such challenges, is why Google hasnāt made such security compulsory for accounts.
If you think your account hygiene isnāt up to scratch, itās worth taking the time to follow Googleās own five-step solution to staying safer online, which handily provides links to the relevant settings so you can change them right away.
[ul]
[li]Google blocked a million apps from the Play Store in 2018 due to security issues[/li][li]Google says Play Store is more secure than ever[/li][/ul]
Continue readingā¦
Googleās Security Blog has published research on the effectiveness of ābasic account hygieneā, finding that āsimply adding a recovery phone number to your Google Account can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks that occurred during [the] investigationā.
The research was formulated from two different studies, conducted in conjunction with the New York University and the University of California, San Diego, focusing on wide-scale attacks and targeted attacks respectively.
[ul]
[li]A look inside Googleās security team[/li][/ul]
The blog post details the automatic account security measures that Google employs ā these include āknowledge-based challengesā such as verifying the last sign-in location of your device, the associated phone number and secondary email addresses.
While these weaker challenges prove successful in blocking most automated bot attacks, they are significantly weaker against both bulk phishing and targeted attacks.
[IMG alt="q2rShRSjqqP5wyyyNo2kQV" width="690px" height="400px"]https://cdn.mos.cms.futurecdn.net/q2rShRSjqqP5wyyyNo2kQV.jpg[/IMG]
Image credit: Google
However, ādevice-based challengesā thwarted almost every automated or bulk phishing attack that was thrown up against it, and performed considerably better against targeted attacks.
These challenges include sending an SMS code or an on-device prompt to your associated mobile device, or alternatively using a designated security key such as YubiKey or Googleās own Security Key, which was the only method tested that had a 100% prevention rate across the board.
[ul]
[li]Yubico launches Security Key NFC and previews Yubikey for Lightning[/li][li]Google reveals its super-secure Security Key[/li][/ul]
On the flipside, Google recognized that there is an inherent downside to requiring a recovery number or associated device ā āin an experiment, 38% of users did not have access to their phone when challenged. Another 34% of users could not recall their secondary email addressā. This, alongside the āadditional frictionā introduced by such challenges, is why Google hasnāt made such security compulsory for accounts.
If you think your account hygiene isnāt up to scratch, itās worth taking the time to follow Googleās own five-step solution to staying safer online, which handily provides links to the relevant settings so you can change them right away.
[ul]
[li]Google blocked a million apps from the Play Store in 2018 due to security issues[/li][li]Google says Play Store is more secure than ever[/li][/ul]
Continue readingā¦