Security myth busting & spring cleaning

People are constantly being told to strengthen their security habits, but with so much advice — some of it conflicting — it’s hard to understand where to start or what to believe. Perhaps that’s why people go the easy route. Based on a new study we commissioned with Ipsos, nearly 20% of Americans still use common passwords like Password, abc123 and 123456.

So, we’re introducing a twist on spring cleaning this year: a digital cleaning to throw out old security advice and replace it with better practices. In honor of World Password Day today, we encourage everyone to start by leveraging the security protections built directly into our products that make every day Safer with Google.

Out with the old (cybersecurity myths)

As cybersecurity evolves, many of our old fears about it are no longer relevant or even true, especially with ongoing tech innovations. Here are a some of those myths we’re debunking today:

“It’s up to me to spot suspicious links on my own”: Phishing schemes can lead to serious cyber attacks, but by leveraging tech that is secure by default, you’re automatically protected from many of them. If you’re using Chrome or Gmail, we’ll proactively flag known deceptive sites, emails and links before you even click them, and Google Password Manager won’t autofill your credentials if it detects a fraudulent website. With the right security protections, which are set as default in Google products, less of the burden is on you.

“Avoid public Wi-Fi at all costs” The tech industry continues to make improvements to reduce security risks with public Wi-Fi, which has historically been the model for bad security practices. Websites using HTTPS provide secure connections using data encryption. Chrome offers HTTPS-First mode to prioritize those sites and makes it easy to identify protected pages with a lock icon in your web address bar. Use that as a signal for which websites to visit.

“Bluetooth is dangerous”: Bluetooth technology has come a long way since its inception. It’s far more advanced and harder to break into, especially in comparison with other technologies. However some people might still question whether Bluetooth, familiar as a pairing technology, is a secure method to help you sign in. After all, you’re used to seeing nearby devices like your phone or headphones show up on your laptop. But using current Bluetooth standards is very secure, and doesn’t actually involve pairing. It’s used to ensure your phone is near the device you’re signing in to, confirming it’s really you trying to access your account.

“Password managers are risky”: It might seem risky to entrust all your credentials in a single provider, but password managers are designed for security —and if you use ours, built directly into Chrome and Android, then you know it’s secure by default. Our research shows that 65% of people still reuse their credentials for various accounts, password managers solve that problem by creating new passwords for you and ensuring their strength. They’re also increasingly more secure, in fact, we recently launched a new on-device encryption for Google Password Manager, allowing you to keep your passwords more private and protected with your Google Account credentials before they’re sent to us for storage.

“Cybercriminals won’t waste their time targeting me”: You might not be a high-profile figure, but that doesn’t mean you’re not on cybercriminals’ radars. In fact, the everyday person is the perfect target for social engineering, which is when an attacker manipulates you into sharing personal information used for a cyber attack. Social engineers do this for a living and it’s a low cost, low effort way to reach their goals, especially in comparison to physically breaking technology or trying to target someone in the public eye. Protect yourself by being aware of social engineering and taking advantage of products that are secure by default like Gmail, Chrome, etc.

In with the new (digital spring cleaning)

Similar to how you clean out your garage each spring, we encourage you to spruce up your security. Get started with these tips and take a quick Security Checkup, which will guide you through protections that can instantly secure your Google Account.

• Use 2-Step Verification (2SV): 2SV requires a second form of verification to access your account beyond your password — which could be a code sent to your phone, security key, etc. So, if someone tries to access your account, they will have a much harder time because they’ll need your password and second form of verification. Apply 2SV to secure your Google Account today, which will also cover all the services you use Sign in with Google for, with a simple tap on your device.
• Use a Password Manager: Now that you know the truth about password managers, use one in addition to 2SV. Google Password Manager, built into Chrome and Android, will store your passwords, auto populate them for sites, create strong passwords, ensure they’re not entered into malicious sites, and alert you when they’re compromised.
• Setup Account Recovery: Things happen, we lose our phones, forget our passwords, etc., so it’s critical to have recovery in place to gain access to your account in the event you’re locked out. This is especially true since other accounts utilize your email as a recovery method, so by keeping your Google Account recoverable, you do so for your other accounts as well. We’re also working to eliminate more inactive accounts for the safety of our users, so if your account becomes inactive and we take action, recovery and 2SV enablement will ensure you don’t lose data. Add a recovery email and phone number to your accounts today and sign up for Inactive Account Manager in addition to 2SV.
• Install Updates: Finally, apply all those updates you’ve been putting off across your devices. Software updates often address critical security vulnerabilities, and with cyber threats on the rise, they’re more important than ever. Remember, there’s no IT team dedicated to maintaining your security like there may be at work, so it’s up to you to protect yourself at home. Take time to survey your mobile device, router, computer, etc., for updates.

We know security news will continue to flood your feeds today, but keep these tips in mind and freshen up your security this spring. For more security tips, and to learn about all the ways we make every day Safer with Google, visit our Safety Center.