Google Has Stored Some Passwords in Plaintext Since 2005

It happened again: Google announced today that it's the latest tech giant to have accidentally stored user passwords unprotected in plaintext. G Suite users, pay attention.

Google says that the bug affected "a small percentage of G Suite users," meaning it does not impact individual consumer accounts, but does affect some business and corporate accounts, which have their own risks and sensitivities. The company typically stores passwords on its servers in a cryptographically scrambled state known as a hash. But a bug in G Suite's password recovery feature for administrators caused unprotected passwords to be stored in the infrastructure of a control panel, called the admin console. Google has disabled the features that contained the bug.

Before it did so, the passwords would have been accessible to authorized Google personnel or malicious interlopers. Each organization's administrator could have also accessed the plaintext passwords for the account holders within their group.



Twitter and Facebook have dealt with plaintext password bugs of their own in the past 18 months. But where those two companies both concluded that it was unnecessary to auto-reset user passwords, Google is taking the step "out of an abundance of caution." At the time, Twitter would not comment on how long it had been storing users' passwords in plaintext. Facebook's bug dated back to 2012.

Google's bug, meanwhile, has existed since 2005—a year before "Google For Work" even became an official offering. And while the company emphasizes that it has no evidence that the plaintext passwords were ever accessed or abused, 14 years is a long time for sensitive data to hang around unnoticed.

"Our authentication systems operate with many layers of defense beyond the password, and we deploy numerous automatic systems that block malicious sign-in attempts even when the attacker knows the password," Google vice president of engineering Suzanne Frey wrote in a blog post. "In addition, we provide G Suite administrators with numerous two-step verification (2SV) options. … We take the security of our enterprise customers extremely seriously, and pride ourselves in advancing the industry’s best practices for account security. Here we did not live up to our own standards."

Google is in the process of notifying G Suite administrators, and says that it will also automatically reset any impacted passwords that haven't already been changed. The company discovered the bug in April, and an additional plaintext password bug in May during the course of its investigation. The latter accidentally stored plaintext passwords for new G Suite customers as they completed their sign-up. That bug only went into effect in January 2019, and those unhashed passwords were only stored for a maximum of 14 days. Google says that it has fixed both the main admin console plaintext bug and the more recent sign-up flow issue.

"Google typically has a decent track record of catching bugs fast and remediating them, so the fact that this was around since 2005 and wasn’t caught is disconcerting," says David Kennedy, CEO of the enterprise penetration testing firm TrustedSec. "We have seen this with Twitter, Facebook, and multiple other organizations where legacy processes or applications cause clear text passwords to be exposed internally. And even if it's only internal it still creates a substantial privacy and security concern."

Since all impacted passwords that haven't already been changed will be auto-reset by Google, you should focus on adding two-factor authentication to your G Suite account if you don't already have it—and maybe cross your fingers that these passwords went unnoticed for 14 years.

