3 min read

“Online security can sometimes feel like walking through a haunted house – scary, and you aren’t quite sure what may pop up”
Jonathan Skelker, product manager at Google

 

October 31st marked the end of ‘Cybersecurity awareness month’ and Google has made sure to leave its mark on the very last day. Introducing a host of features to protect users account from being compromised, Google has come up with checkpoints before a user signs in, as soon as they are in their account and when users share information with other apps and sites.

Let’s walk through all these features in detail.

#1 Before you sign in- Enable Javascript on the Browser

A mandatory requirement for signing into Google now is that JavaScript should be enabled on the Google sign-in page. When a user enters their credentials on Google’s sign-in page, a risk assessment will be run automatically to block any nefarious activity. It will only allow the sign-in if nothing looks suspicious.
The post mentions that “JavaScript is already enabled in your browser; it helps power lots of the websites people use everyday. But, because it may save bandwidth or help pages load more quickly, a tiny minority of our users (0.1%) choose to keep it off”

Here is what one user had to say:


Source: y combinator

#2 Security checkup for protection once signed in

After the major update introduced to the Security Checkup last year, Google has gone a step forward to protect users against harmful apps based on recommendations from Google Play Protect. The web dashboard helps users set up two-factor authentication to check which apps have access to users’ account information, and review unusual security events. They also provide information on how to remove accounts from devices users no longer use.

Google’s is introducing additional notifications which will send personalized alerts whenever any data is shared from a Google account with third-party sites or applications (including  Gmail info, sharing a Google Photos album, or Google Contacts).

This looks like a step in the right direction especially after a recent Oxford University study revealed that more than 90% apps on the Google Play store had third party trackers, leaking sensitive data to top tech companies.

#3 Help issued when a user account is compromised

The most notable of all the security features is a new, step-by-step process within a users Google Account that will be automatically triggered if the team detects potential unauthorized activity.

The 4 steps that will run in the event of a security breach includes:

  1. Verify critical security settings to check that a user’s account isn’t vulnerable to any other additional attacks by other means, like a recovery phone number or email address.
  2. Secure other user accounts taking into consideration that a user’s Google Account might be a gateway to accounts on other services and a hijacking can leave them vulnerable as well.
  3. Check financial activity to see if any payment methods connected to a user’s accounts were abused.
  4. Review content and files to see if any of a user’s Gmail or Drive data was accessed or misused.

Head over to Google’s official Blog to read more about this news.

Read Next

Google’s #MeToo underbelly exposed by NYT; Pichai assures they take a hard line on inappropriate conduct by people in positions of authority

Google employees plan a walkout to protest against the company’s response to recent reports of sexual misconduct

A multimillion-dollar ad fraud scheme that secretly tracked user affected millions of Android phones. This is how Google is tackling it.