In the year 2020, the concept of being “very online” has lost all meaning — after all, aren’t we all? From the first flick through our social media feed in the morning, to the WFH life, to ordering up dinner to-go, we do more online than ever before. But for many of us, our online security habits haven’t really changed much since the days when “being online” meant checking email a couple times a day.
Many of us know things like reusing the same passwords over and over, or not updating apps, are risky — yet we don’t change our behavior. Maybe it’s because we feel overwhelmed: In a 2019 survey by Google and Harris Poll, 75% of Americans said they feel frustrated keeping track of passwords. Which is probably why 66% of respondents use the same password on multiple accounts, and 59% incorporate easy-to-guess information into passwords, like their birthday or pet’s name. We don’t need to tell you the risks — let’s just say your private information deserves way better protection than “Rex” can provide.
But for anyone still scribbling passwords on a sticky note, there’s good news. Making your data safer online has never been easier thanks to Google’s industry-leading security — a powerful range of tools that protect your private information from data breaches, phishing, malware, and more. Better yet, the tools are fast, free, and built right into your Google Account, so you can start using them today.
Ready to toss the sticky notes and get started? Ahead, we outline the most common security risks we all face, and the safer solutions you might not have known were at your fingertips.
Use a unique password for every site
Nearly half of Americans struggle to keep track of their passwords. While some people write them down or store them in a digital file, the majority of us memorize them. It’s a method that’s as flawed as you might imagine — you might forget your password, or to make memorization easier, you might reuse the same one across multiple accounts. The problem with that? Different sites have different levels of security. In a way, your duplicate password is only as safe as the weakest site you use it on.
Memorized and duplicate passwords also tend to lead to guessing — where we try one of our “standard” passwords on the wrong site. “Once we’ve memorized a password, [we] can easily type it in without paying close enough attention to where we’re entering it,” said Google’s director of engineering, Stephan Micklitz, in an About Google interview. When it comes to online safety, he says, “The less often you enter a password, the better.”
The safest way to keep track of passwords is with a password manager that creates, stores, and remembers a unique, nearly impossible-to-crack password for each site you visit. Google Password Manager is built into all Google Accounts, and generates unique passwords for every login and auto-fills them in when you’re using Chrome or Android. It’s a free and convenient way to create, remember, and manage all your unique passwords, and protects your data with one of the world’s most advanced security infrastructures.
Give your passwords a routine check-up
Until passwords are a thing of the past — one day, they may be — they are one of the best ways to protect your personal information. But all passwords are not created equal, and the ones you choose determine how secure your personal information is.
Take reused passwords: They’re risky, and much more common than you might think. More than half of people ages 16 to 50 use the same password for multiple accounts. One in four say they’ve used some variation of the same weak one (think password, p@s$word, and password123).
Even if your password isn’t as easy as 1, 2, 3, other common formulas people use may not protect your password as much as you think — like the “trick” of substituting symbols or numbers for letters. “Cleverly swapping ‘$’ and ‘5’ instead of ‘s’ does nothing for phishing or credential breaches,” wrote Mark Risher, senior director of product development at Google in a tweet. These changes usually have some logic to them, which makes them easy for others to guess.
Not surprisingly, four in 10 Americans say their personal information has been compromised, which is why it’s a good idea to take inventory of old passwords. One of the easiest ways to do this is with Google’s Password Checkup. It’s a feature built into its Password Manager that vets saved passwords, and when it spots an issue, it gives you a personalized and actionable recommendation.
Google not only checks how strong each password is and if it’s been repeated on more than one account, but also if they find it’s been breached by a third party. After the initial checkup, Google can let you know if a saved username or password was compromised so you can get ahead of any threats. Think of it as your own personal, 24/7 security system protecting your private information.
Pause before you click
We’ve all clicked on a link, or opened an email that makes us think, “Hmm, something about this doesn’t feel right.” Maybe it’s an email that seems to come from your bank, notifying you of a data breach and asking for your password and mother’s maiden name to “secure your account.” Or you open a link to a website that somehow just looks off — wait, is that even how your bank’s name is spelled?
Such phishing attempts are one way bad actors try to get your personal information online — and they’re becoming increasingly adept at it, with an even more sophisticated and targeted method. “Spear phishing is when an attacker crafts such a cleverly personalized message that it’s difficult for the victim to recognize fraudulent intent,” says Micklitz.
Luckily, Google makes sure you won’t get caught. Gmail’s powerful, built-in phishing protections ensure most suspicious emails never even make it to your inbox, while Google Safe Browsing gives you a can’t-miss warning when you stumble onto a potentially deceptive site. You can even check a URL’s Safe Browsing Status to make sure it’s safe before you visit. All told, Google protects its users from 99.9% of all phishing attacks.
Always opt for two-factor authentication
Two-factor authentication (2FA), sometimes called multi-factor authentication, is a tool that adds a layer of security to logins by requiring users to provide information in addition to a username and password.
One common form of 2FA are codes sent via text messages. These are better than nothing, but they can still be exploited by fraudsters who use social engineering (that is, they call your cellular provider and impersonate you) to initiate a “SIM swap.” Once they’ve done that, your security-code texts pop up on a hacker’s phone — so you can see why text-messaging is far from ideal for financial transactions or other highly sensitive information.
Biometrics — a fingerprint or face-recognition technology — are a step up. But the most effective 2FA is one-time code that’s only available for a few minutes, such as with Google’s Authenticator app or security key.
Most of us only use 2FA when directed to, but it can be activated under the security settings of most major apps as well as on sites. It not only makes your account harder to attack, but it makes it less attractive to hackers. They’ll simply move on to an account that’s easier to breach.
While no one security feature is foolproof, each Google tool adds a layer of protection that keeps your personal information secure. And with the amount of data we all have online, using the industry-leading security tools at our fingertips doesn’t just make sense, it’s become a must. The only thing better than knowing your privacy is protected online, is the peace of mind that comes with it.