Thursday, November 14, 2013

How to Protect your Google Accounts

I went into Google a few months back and viewed the plethora of information they have collected about me over time using information from domain names, social media accounts, browsers, email clients, and public record. It was alarming (but understandable). Use the internet for 20 years and you’ll have a backlog of info you’ve provided too. Two days ago I had to add yet another Google Analytics profile to my account. When I logged in, I saw the scrolling list of domains, and then it occurred to me that while I take precautions, many of my clients (who I also provide access to their sites via Google) might not take the same safety measures when it comes to protecting their Google accounts.


The method I use is called Two-Step verification. In short, to add another device (computers, phones, etc) I have an app [Google Authenticator] where I’ve already been authenticated. That app gives me a code that changes every 30-40 seconds, when I’m adding another system I simply open my phone, enter the code, then I’m verified. If I don’t have my phone on me, or someone else is trying to gain access to my accounts, then Google can prevent the access from that machine (if I’ve not yet used it).


Food for thought
One of my clients had to send out an email today along the lines of “Please ignore the last email to you from my email accounts, it was someone else.” That’s scary. While most other people might use Google Apps or G-mail, Google is striving more and more daily to make their accounts all seem fluid. So if you’re writing on Blogger, you’re using the same account you check your e-mail with. If you’re shopping with Google, then it’s the same account. If you’re posting messages on Google+, then its the same account… domain contacts, corporate email management, Google Analytics, and Webmasters access… not to mention anywhere you’ve logged in with your Google account as an OpenID. It’s sort of like making your Google account the holy grail of all things to hack. Google has the infrastructure to protect a lot of the attempts, but if you don’t take the time to enable the provided features (like two-step verification), you may find yourself the victim of more than identity theft.

No comments:

Post a Comment

I'm going to read this before it goes live if you don't mind.