Today, to mark the last day of Cybersecurity Awareness Month, Google announced key security enhancements it’s making to prevent attackers from hijacking users’ Google Accounts.
“Online security can sometimes feel like walking through a haunted house — scary, and you aren’t quite sure what may pop up,” Google product manager Jonathan Skelker wrote in a blog post. “We are constantly working to strengthen our automatic protections to stop attackers and keep you safe from the many tricks you may encounter.”
Perhaps most notable is a new step-by-step flow within the Google Account page. It’ll trigger automatically the moment “potential [sic] unauthorized activity” is detected, Skelker explained, and walk users through a four-step process:
- Verifying security settings to ensure their account isn’t vulnerable to additional attacks and can’t be accessed via a recovery phone number, email address, or other means
- Securing other online accounts attached to a user’s Google Account
- Checking financial activity to ensure payment methods connected to the account (such as Google Pay or a credit card) weren’t abused
- Reviewing content and files to see if Gmail or Google Drive data was compromised
Google’s also introducing additional notifications within Security Checkup, a web dashboard from which users can set up two-factor authentication, check which apps have access to their account information, and review unusual security events. In the coming weeks, it’ll send out personalized alerts whenever any data’s shared from a Google account with third-party sites or applications — whether it’s Gmail info, a Google Photos album, or Google Contacts.
Today’s improvements come roughly a year after Google revamped Security Checkup with “personalized guidance” tailored to individual accounts and launched predictive phishing protection in Chrome. Earlier this month, the Mountain View company said it would begin activating security alerts for G Suite admins by default if it believes the company’s systems are being subjected to a government-backed attack. And just last week, Google brought personal data controls — including a new data history view-and-delete feature — directly into Google Search.
In June, Google Account got a makeover on Android. It’s now based on Google’s Material Design language, organizes controls into tabs along the top — Account, Data & Personalization, Security, People & Sharing, and Payments & Subscriptions — and includes a dedicated support page that links to handy Google forums. More recently, as part of Google’s Project Strobe initiative, the company said it would roll out a streamlined permissions management view for Google account access prompts; implement a stricter API access policy for the consumer Gmail API; and limit Android apps’ ability to receive call log and SMS permissions on Android devices.
The search giant’s renewed focus on privacy features follows several high-profile headlines this year, such as the Facebook and Cambridge Analytica data scandal. A Wall Street Journal report earlier this year revealed that Google+, Google’s eponymous social network, failed to disclose an exploit that might have exposed the data of more than 500,000 users. After the news broke, Google announced that Google+ will formally shut down in August 2019, following a 10-month wind-down period; in the interim, it’ll see new features “purpose-built” for businesses.