Mr Pietraszek, you and your team take care of the security of user accounts. How do you prevent someone from breaking into the accounts of your users?
Tadek Pietraszek, chief developer for account security: First, it is important to detect a hacker attack at all. There are more than a hundred variables that we use to detect suspicious activity. Let’s say you live in Germany and very rarely travel abroad, and someone tries to access your account from another country; for us, that is an alarm signal.
Stephan Micklitz, head of development for security and privacy: In that case we then ask, for example, for the phone number that you have provided to us, or for other information that only you, as the owner of the account, know.
How often do such attacks occur?
Pietraszek: There are hundreds of thousands every day. Our biggest problem is that there are countless lists on the Internet of hacked websites, stolen user names and passwords. Since a large part of our users use the same password for different accounts, these lists of course also include the login data of their Google accounts.
Tadek Pietraszek and Stephan Micklitz (photo: Conny Mirbach)
Are these lists the biggest security problem?
Pietraszek: Yes, exactly. The lists and also the typical phishing attacks. Almost everyone has already received e-mails in which a criminal tries to get hold of other people's passwords. Of course, we cannot contribute our part to make sure you create the. If an e-mail seems suspicious, we can flag it in Gmail with alerts so that you look more closely, or filter the e-mail out immediately. Our Chrome browser also alerts you if you try to visit known phishing sites.
Micklitz: Basically, there are two types of phishing: the mass e-mails, with which the perpetrators want to gather as much login data as possible, and so-called spear phishing, in which they target the account of a particular person. These can be fairly sophisticated operations that can last for several months and for which the offenders attack the victim’s life in detail and in a targeted manner.
How does Google protect its users so that these actions cannot succeed?
Pietraszek: For example, with two-factor authentication. Many users may know it from the online account of their bank. If you want to transfer money, you need to enter, for example, an SMS code in addition to the password. Google introduced two-factor authentication in 2009, earlier than most of the other large e-mail providers. In addition, Google users who make active use of a mobile phone and have registered their phone number automatically benefit from a similar level of protection in case of a suspicious login.
Micklitz: Two-factor authentication is a good method, but SMS codes can also be found out. A criminal could, for example, call your mobile service provider and try to get a second SIM card sent. Authentication with physical security keys, for example a Bluetooth transmitter or a USB stick, is safer.
Pietraszek: This Option belongs to the Advanced security program.
What’s behind this program?
Pietraszek: We have offered it since 2017 to all those who are at an increased risk of being hacked. So, for example, journalists, business leaders, dissidents, or members.
Micklitz: In addition to the physical security key, we also limit data access from third-party apps by installing additional steps in which users must confirm their identity, in case you lose the security key.
When did you last have to deal with a major hacker attack?
Pietraszek: At the beginning of 2017. Hackers created a malicious program to gain access to the Google accounts of the victims, and sent fake e-mails to the users' contacts. In them, they asked the recipients to authorize access to a fake Google Doc. Anyone who did so involuntarily granted the malicious software access and automatically sent fake e-mails to their own contacts. That way the virus could spread quickly. For such cases, we have contingency plans.
Micklitz: In this particular case, we, for example, blocked the dissemination of these e-mails in Gmail, revoked the approvals granted to the program, and secured the accounts. Of course, we have also added systematic protection measures that make similar future attacks more difficult. Google accounts are constantly under attack, and it is best if our automated systems protect them. Of course, this assumes that we can reach users independently of their Google account, for example via a second e-mail address or a mobile number.
What is the significance of the issue of security to the average user?
Pietraszek: For many it is very important, but safety precautions are a nuisance. This explains, for example, why users use the same passwords for multiple accounts – the worst mistake ever. Our task is to let users know how to protect their accounts without much effort. In the Google account, we therefore offer the security check, where you can easily check your settings.
Micklitz: Actually, it is enough to stick to a few rules.
And those would be?
Micklitz: Do not use the same password for multiple services, install security updates, and avoid suspicious software. Enter your phone number or an alternative e-mail address so that you can be reached in other ways. And activate the screen lock on your smartphone to prevent unauthorised persons from gaining easy access. With that, a lot is already achieved.
Short biographies
Tadek Pietraszek is responsible at Google for the security of user accounts. He has been working for twelve years at the company in Zurich, where he leads a team of around 60 experts. In 2006 he completed his PhD in computer science at the Albert-Ludwigs-University in Freiburg, Germany.
Stephan Micklitz is responsible worldwide, as head of development, for the areas of security and privacy at Google. He studied computer science at the Technical University of Munich and has worked at Google in Munich, Germany, since the end of 2007.