Google Accounts Get Security Boost With New Critical Alerts System

Google on Wednesday unveiled a pair of online products designed to better protect the security and privacy of Google users' information. From a report: The company said it will soon introduce a redesigned critical alert to warn Google Account users when a serious security threat is detected, such as a suspected hack. Unlike alerts that arrive in your email or on your phone, the new alert will automatically be displayed in the Google app you're using. To provide an additional layer of reassurance, Google says the new alert is spoof-proof, so you don't have to worry about whether the alert is legitimate. Google is also rolling out a new feature for Google Assistant called Guest mode that will allow you to use the voice-activated AI without your interactions being saved to your Google account. A simple voice command turns the feature on and off.

I know

[nospam007]

You can't change browsers or your VPN country without triggering DEVCON 1.

Re:

[Mattcelt]

Can confirm.

Was recently locked out of my gmail account because I was logging in from a (physically) unusual location... despite having the correct password AND entering the code from the backup email. It took me nearly four hours to game the system enough to let me back in.

In other words, this system still needs some serious work. Google (still) aren't as smart as they think they are.

Re:

[AmiMoJo]

You should set up 2 factor auth with backup codes. With the backup codes you can always get back in.

Google (rightly) doesn't trust backup email accounts too much. Too easy to compromise, too many people using the same password for both.

Re:

[Mattcelt]

Did you miss the part where I had both the password AND the backup code?

Oh, and I was actively connected to my email account from TWO iOS devices. Google could literally have sent an email with a code to my primary address and I would have received it.

But instead they require yet more highly personal information to set up 2FA. This is not a coincidence.

Re:

[AmiMoJo]

Not the code they send to your backup email, the backup codes generated when you enable 2FA.

Obviously there is no point sending an email to your primary address if it might be compromised.

Re:

[MrL0G1C]

Deleting cookies and changing IP address frequently prevents tracking, you will be punished.

Re:

[tlhIngan]

Deleting cookies and changing IP address frequently prevents tracking, you will be punished.

Not really, I'm certain Google uses "super cookies" that persist even after such quaint measures. They aren't above using flaws in browsers to ensure they can still track and monitor you (they exploited a flaw in Safari to do so), so I'm sure they have plenty of mechanisms to follow you around even without cookies or an IP address.

Re:

[MrL0G1C]

I'm sure they could but they probably risk getting sued for billions in the EU if they do this.

Re:

[AmiMoJo]

I tried that this morning, in fact I'm logged in from home and two different VPNs right now, it's fine.

the new alert is spoof-proof

[fustakrakich]

Oh, a challenge, eh?

Uh huh

[fahrbot-bot]

Google says the new alert is spoof-proof, so you don't have to worry about whether the alert is legitimate.

Cue spoof proof of concept in 3... 2... 1...

[ Nothing is certain Google, except death and taxes -- unless, you're really poor or rich and don't pay taxes.
But you're definitely going to die, at some point. ]

Re:

[lessSockMorePuppet]

But you're definitely going to die, at some point.

That's no given either: not all of the people who have ever lived have died (as in, they are still alive). Therefore, it is highly probable that death will occur, but it is not necessarily a given.

Re:

[sconeu]

Darn it... you beat me to it!

Google says the new alert is spoof-proof, so you don't have to worry about whether the alert is legitimate.

Scammer says, "hold my beer".

Re:

[rtb61]

Spoof proof, oh yeah, pull the other ones Googlites, the minions of evil. It will be super spoof full, watch as Google ever so accidentally censors competitors in all aspect of life, politics, commerce, what ever by mistake.

Seriously think it will be a mistake that they advertise your site as a serious security threat for a day, nope, it's the google necromonger way, you keep what you kill.

So many accidental false positives as they target and shut down any web site they want to. That is the plan and make n

Not quite right

[kqc7011]

Googles Critical Alert said that I should change two or three of my passwords, one of which was very simple and not used for anything other than logging into a few sites. The other's, I did change from very hard passwords to hard passwords suggested by my computer, with bunch of letters (both capitalized and not), symbols and numbers. Been using those new ones and Google still has the warning up. Sophos has been monitoring my computer for awhile now and it continues to say that I am protected. Full scans

zzz

[awwshit]

New garbage disposal makes whirring and sucking sounds.

Fishing Season

[s4080326]

I just received one of these via SMS it has link to a nice and simple password change form.

Spoof proof

[t4eXanadu]

Nothing is spoof proof. Well, I guess that's the one thing you can't spoof: actual nothingness.

comment

[erwinwallpaper]

Nice, more security for my google account.