Google reveals how it has improved user account security

There's always the risk that you can sign onto one of your online accounts only to find that someone else has taken it over without your knowledge or permission. That kind of situation was happening quite a bit to people who used Google's online services such as Gmail in the past.

This week, Google posted word on its blog page that it has taken more steps to better protect user accounts from such activity. The efforts started in 2010 when Google noticed that hackers had made changes in their efforts to break into Google accounts.

The blog stated:

We’ve seen a single attacker using stolen passwords to attempt to break into a million different Google accounts every single day, for weeks at a time. A different gang attempted sign-ins at a rate of more than 100 accounts per second.

Google's solution was to create a large number of variables, over 120 in fact, that are considered whenever a person signs onto a Google account. If a sign-in doesn't agree with the variables, such as an account that's accessed from a different country than usual, Google might ask the user a security question or their phone number.

Most hackers can't answer that information and Google said that those efforts have caused account hijacks to go down by 99.7 percent since 2011. Of course, users can take their own steps to better protect their accounts, such as using two step notification for password confirmations, as well as stronger passwords and using more options for password recovery.

Source: Google blog | Image via Google

Report a problem with article
Previous Story

Microsoft expands Imagine Cup to include a focus on women

Next Story

Microsoft: Over 7 million registered Yammer users

17 Comments

Commenting is disabled on this article.

google is doing an excellent job. their ability to "see" is quite impressive. microsoft is more sensitive to Joe sheep who thinks security is inconvenient. and it is quite so but also quite necessary that we not be foolish and lazy. you guys likely see the same news I do about these hackers that seem government backed and extraordinary malware discoveries . we need protection and we need our individual thinking caps on.

I use Google's two-step verification myself, but I think that system is too complicated for most users. It would be better to just send a verification code through SMS.

Isn't that exactly what Google does? When I want to access from an unrecognized browser I simply get the verification SMS and I can enter. Considering Google has to pay for those SMS (scumbags operators want to be paid for received SMSs too) it's pretty awesome they do it for free.

Uhm, in the US sending text messages from the internet is free.

For this reason you have to pay for received tekst messages, them letting you pay for sending them is just a rip off IMO.

francescob said,
Google has to pay for those SMS (scumbags operators want to be paid for received SMSs too) it's pretty awesome they do it for free.

Google offers free phone number, sms, and phone calls for every user.

Google offers free phone number, sms, and phone calls for every user.

Not exactly. You still need to have a valid cell phone plan to use it, so your phone calls aren't really free. SMS is, and should be, free...it's pathetic how operators rip you off with that.

-Razorfold said,

Not exactly. You still need to have a valid cell phone plan to use it, so your phone calls aren't really free. SMS is, and should be, free...it's pathetic how operators rip you off with that.

Its free if you're calling from your PC or have VoIP phone.

Of course, users can take their own steps to better protect their accounts, such as using two step notification for password confirmations, as well as stronger passwords and using more options for password recovery

And some of the work/blame needs to go to the end user. Users are notified how to secure their info and the proper way to set a password. If they dont follow the guidelines that are set and clearly stated, then thats the users fault.

Does Live Mail/Outlook.com have the same 2-step SMS authentication? I didn't find any setting regarding that in the account option.

francescob said,
Does Live Mail/Outlook.com have the same 2-step SMS authentication? I didn't find any setting regarding that in the account option.

Sometime when I sign in from another computer, or browser Live will email a code to my alt email and I'll have to type it in, even after I've put in usr and pw.

Bing/Hotmail/Outlook does. For a long time already.

Ok while I thought of looking this up in the new outlook... The Microsoft Account control panel seems to be missing this.

The old Hotmail had this ability, i've come across it several times. Weird

Changing my security information was able to sent me text messages.

I myself only use notifications, i get them from FB, Google and MS when unrecognised devices try to access it
Got one of those messages from FB a few weeks ago, (a successfull login from a device not mine)... So i had to go on a password changing spree (i do reuse passwords altho i have a ton different ones i use depending on privacy factor)

I know they blocked a hijack attempt on one of my secondary mailboxes. I don't use the mailbox much but they caught it none the less.

The best security you can have with your personal information is to simply not give ANY of it to google; including many other online companies - but the biggest violator is google.

pgxl said,
The best security you can have with your personal information is to simply not give ANY of it to google; including many other online companies - but the biggest violator is google.

Paranoid? Anything you post or put online can be hacked, stolen, and used for the wrong purposes. Doesnt matter if it is Google, Microsoft, Apple...whoever. Companies like Google can only do so much to protect the user and some of the blame has to go on the user as well. If you use simple, week passwords then yea, you are going to get hacked. Is that Google's fault? No, its yours. Google, like many others, periodicically come up and prompt you to use more secure passwords or enter more info to authenticate yourself if you forget your info.

And Google the biggest violator? Maybe for all of those who believe the Microsoft bashing ads it is the biggest violator.

I do not really trust Google with all my data, especially many private personal information. (Microsoft a bit more... for now)
But security wise I trust Google as much as Microsoft. Because I know Microsoft has some smart coders, so does Google.
Android is a mess when it comes to security, which has been improving allot.
But for outside forces hacking into my account, they both use the same means to prevent it. Text messages.