Google Preaches Importance Of Basic Account Hygiene To Combat Hackers

It feels like we hear about a new cybersecurity attack nearly every day. Hackers use phishing, keylogging, and targeted attacks to gain access to sensitive information. Is there anything we can do to prevent what appears to be the inevitable? According to a recent study by Google, basic account hygiene can greatly reduce hijacking.

Google conducted a year-long study alongside researchers from New York University and the University of California, San Diego. They studied wide-scale attacks and presented their findings at the Web Conference in San Francisco. The purpose of the study was to determine whether basic security measures could truly decrease the success rate of hackers.

The study determined that simply adding a recovery phone number blocked 100% of automated bots, 99% of phishing attacks, and 66% of targeted attacks. SMS codes and on-device prompts also helped to further combat hackers. SMS codes blocked 100% of automated bots, 96% of phishing attacks, and 76% of targeted attacks, while on-device prompts successfully combated 100% of automated bots, 99% of phishing attacks, and 90% of targeted attacks. Security keys were the most effective and blocked 100% of bots, phishing, and targeted attacks.

The study also revealed that “knowledge-based” measures, such as secondary email addresses and “last known location”, were less effective options. According to Google, “phishing pages and targeted attackers can trick you into revealing any additional identifying information”. Users also tend to forget information like their secondary email address and can lock themselves out of their account.

What if your device was stolen? Recovery phone numbers and their accompanying security measures would be ineffective, right? Thankfully, Google users can regain access to their account if they log on to a “trusted device”. The system is not perfect, but users can at least try to make changes to their account if a hacker gains access to it.

Many users can also benefit from Google’s various security improvements. Google recently banned sign-ins from embedded browser frameworks to reduce the number of phishing attacks. It also requires JavaScript to be enabled in browsers so that it can run a risk assessment whenever credentials are entered and block the login attempt if necessary.

The study did note that while most of Google’s security measures are able to successfully block bots and phishing attacks, they are still struggling to reduce the number of targeted attacks. However, they also insisted that targeted attacks are not random and tend to focus on specific users. “High-risk” users such as politicians, journalists, and business leaders may want to consider more robust security measures like Google’s Advanced Protection Program. Most people will enjoy relative security by simply adding a phone number to their account. For now, it is comforting to know that basic account hygiene can keep most user accounts secure.