Interested in learning what's next for the gaming industry? Join gaming executives to discuss emerging parts of the industry this October at GamesBeat Summit Next. Learn more.


Today, to mark the last day of Cybersecurity Awareness Month, Google announced key security enhancements it’s making to prevent attackers from hijacking users’ Google Accounts.

“Online security can sometimes feel like walking through a haunted house — scary, and you aren’t quite sure what may pop up,” Google product manager Jonathan Skelker wrote in a blog post. “We are constantly working to strengthen our automatic protections to stop attackers and keep you safe from the many tricks you may encounter.”

Perhaps most notable is a new step-by-step flow within the Google Account page. It’ll trigger automatically the moment “potential [sic] unauthorized activity” is detected, Skelker explained, and walk users through a four-step process:

  1. Verifying security settings to ensure their account isn’t vulnerable to additional attacks and can’t be accessed via a recovery phone number, email address, or other means
  2. Securing other online accounts attached to a user’s Google Account
  3. Checking financial activity to ensure payment methods connected to the account (such as Google Pay or a credit card) weren’t abused
  4. Reviewing content and files to see if Gmail or Google Drive data was compromised

Google’s also introducing additional notifications within Security Checkup, a web dashboard from which users can set up two-factor authentication, check which apps have access to users’ account information, and review unusual security events. In the coming weeks, it’ll send out personalized alerts whenever any data’s shared from a Google account with third-party sites or applications — whether it’s Gmail info, a Google Photos album, or Google Contacts.

Event

Transform 2022

Join us at the leading event on applied AI for enterprise business and technology decision makers in-person July 19 and virtually from July 20-28.

Register Here
Google security

Above: The new Google security checkup flow.

Image Credit: Google

Finally, Google will now require that JavaScript is enabled on the Google sign-in page. As Skelker noted, an array of JavaScrip-based risk assessments run every time users enter their username and password, and block suspicious sign-ins automatically.

Today’s improvements come roughly a year after Google revamped Security Checkup with “personalized guidance” tailored to individual accounts and launched predictive phishing protection in Chrome. Earlier this month, the Mountain View company said it would begin activating security alerts for G Suite admins by default if it believes the company’s systems are being subjected to a government-backed attack. And just last week, Google brought personal data controls — including a new data history view-and-delete feature — directly into Google Search.

In June, Google Account got a makeover on Android. It’s now based on Google’s Material Design language and organizes controls into tabs along the top — Account, Data & Personalization, Security, People & Sharing, and Payments & Subscriptions — and a dedicated support page that links to handy Google forums. More recently, as part of Google’s Project Strobe initiative, the company said it would roll out a streamlined permissions management view for Google account access prompts; implement a stricter API access policy for the consumer Gmail API; and limit Android apps’ ability to receive call log and SMS permissions on Android devices.

The search giant’s renewed focus on privacy features follows several high-profile headlines this year, such as the Facebook and Cambridge Analytica data scandal. A recent Wall Street Journal report earlier this year revealed that Google+, Google’s eponymous social network, failed to disclose an exploit that might have exposed the data of more than 500,000 users. Following the news, Google announced that Google+ will formally shut down in August 2019, following a 10-month wind-down period; in the interim, it’ll see new features “purpose-built” for businesses.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.

Author
Topics