Google Account Hacks Drop 50% Thanks To 2FA

Google is one company that takes account security seriously, with the evidence seen in the number of security features added in the last few years. The company made the changes in the previous year when the company added a two-factor authentication or two-step verification, 2FV.

The campaign for the change, which started in October 2021, saw the company turn on 2FV for 150 million Google accounts and 2 million YouTube accounts. 2FV uses a combination of passwords and a second login challenge such as a mobile number or Google App confirmation. According to Google, the improvement proved effective as it saw a 50% drop in account hacks.

For the last four months, Google has been nudging its billions of Gmail, YouTube, and Google Workspace account holders towards security work. Unfortunately, with such a vast number of accounts, the company is a tempting target for hackers who use their social engineering tricks to coax information out of the users.

Google urges its Gmail account holders to reset their passwords regularly as these accounts are particularly important as a compromise on your email can lead to other hacks. Additionally, using multi-factor authentication minimizes the risk of hackers’ benefits from hacking your password.

A Future With No Password Protection

Multi-factor authentication enables a future where you have to dump your password altogether. On its end, Microsoft is slowly phasing out password usage by introducing biometric technology such as the Windows Hello face identification, phone-based authentication apps, and security keys. With the introduction of the 2FV, Google also hopes to phase out password protection eventually.

Apple, which requires two-factor verification when logging into your account on the web or setting up a new device, is also on the path of phasing out password protection. The company is working on passkeys for iCloud, which will allow users to log on to their accounts without using a password. The technology is already available for developers to test.

The move by the world’s biggest tech companies to improve account security is an indication that you should brace yourself for major changes in account security. In addition, you should expect to see more secure login alternatives in place of the imperfect two-factor verification sent on your phone.

Providing security for Google accounts is not the first security measure by the tech giant. First, the company introduced the hardware security keys, small security devices that connect via USB ports or wirelessly. These devices successfully helped eliminate phishing attacks on Google employees. The only issue with the keys is their complexity and high price.

Other significant changes in the security adoption include:

• LastPass
• 1Password
• Bitwarden
• KeePass

Through these changes, Google encourages users towards its password manager, which is inbuilt in Chrome and Android and can also be used in iOS. On the other hand, Apple has an inbuilt password system for its iPhone, macOS, and iPad and comes with a utility that allows usage on Windows.

Risks of Having Weak and Default Account Passwords

The move by Google to introduce two-factor authentication on its account holders is justifiable, considering most people suck at creating strong passwords. In most cases, you will find account holders using weak passwords, reusing old ones, or storing them in an insecure manner.

Such habits make your accounts vulnerable, prompting attackers to go after them. Some of the leading password security risks include:

Brute Force 

Attackers use brute force to crack passwords through software or automated tools that generate billions of passwords. They later try each of these passwords to gain access to the user account and data until they get the correct password. In this attack, the hacker tries all combinations of letters, numbers, and symbols as per the password rules until they get the right one.

Although brute force doesn’t work online due to the lockout measures, it can go undetected if the attacker gains access to a copy of the system’s password file. In other cases, the hacker can download hashed passwords from the database, increasing their chances of succeeding.

After getting access to one or more hashed passwords, it becomes easy for the hacker to crack the passwords offline.

Phishing

Phishing is the easiest way hackers get access to user passwords. But, instead of hacking into your password, they trick you into typing your passwords into their malicious sites. As you visit these sites, the hackers infiltrate insecure and unencrypted networks. Alternatively, they install a keylogger on your computer that gives them access to your passwords.

Weak Password

Most users prefer using passwords they can remember easily. Unfortunately, as a result, they end up using weak passwords that are easy for cybercriminals to hack. Some of the most common weak passwords that people use include birthdays and their names.

Another common mistake is using the same password over several accounts and different networks and systems. If data from one website or system gets compromised, there’s a high risk that the hacker will access the credentials for the other accounts.

What Can You Do To Improve Your Account Protection and Management

You can avoid falling victim to account hacks and any other form of authentication breach by doing any of the following.

Educating Your Employees

One of the most common security threats is within your organization since it involves people familiar with the infrastructure. You can prevent many security breaches by enforcing strong security measures such as following the best security standards and using strong passwords. In addition, educating your employees about cybersecurity makes it easy to defend your organization against cyber attacks.

Secure Password Storage

Practice using secure password storage to prevent attackers from obtaining your passwords even if your network gets compromised. If you don’t know how to create a secure password, contact a professional IT services provider. Your provider will use hashing storage, a one-way function that is impossible to decrypt.

Multi-Factor Authentication

One of the most reliable ways to ensure account safety is using multi-factor authentication (MFA), similar to what Google introduced to its users to minimize account hacks. MFA requires the use of several authentication evidence before you can gain access to a system or application.

Final Thoughts

You can prevent cybercriminals from creating havoc in your organization by applying the proper password security measures. In addition, you should work with a reliable IT services company to ensure that all your systems and networks are secure.

Technijian uses state-of-the-art tools that help you discover and prevent weak password usage across your network. In addition, we are dedicated to providing you with tech support services ranging from network infrastructure, VOIP, business application support, and operating software administration, among others. Therefore, if you have any queries regarding your network security or other IT-related concerns, don’t hesitate to contact us.