Passwords no longer enough to protect users from cybercrime, former hackers say

Google has launched a key designed to protect online accounts, writes Nick Webster from Munich

Multiple security barriers are now needed to block online criminals and effectively secure sensitive information.
Beta V.1.0 - Powered by automated translation

Passwords are no longer enough to protect people from cybercrime, hackers turned Google advisors have said.

Multiple security barriers are now needed to block online criminals and effectively secure sensitive information.

At a briefing in Munich on the latest internet security advice, Google said it is committed to build powerful, easy-to-use tools that enable internet users to adjust their privacy preferences, anytime.

The company has launched its Advanced Protection Programme, a physical key inserted designed to protect online accounts to be used alongside existing security measures such as passwords and secondary authentification.

It protects against phishing sites, limits third-party access to emails and files and works to prevent hackers from pretending to be their target.

“Relying on one single factor to keep online accounts and passwords secure is no longer good enough,” said Mark Risher, director of product management at Google and account security leader of the phishing and identity services team.

“The Advanced Protection Programme has been built for high risk internet users, such as those who have a lot to lose or are vulnerable to state sponsored hacking, such as journalists, activists or citizen groups subject to persistent attacks.

“With a key, Google will refuse to give over sensitive information to suspicious websites.”


Read more:

Exclusive: Hackers target Bitcoin traders and investors in new wave of cybercrime

Safer Internet Day: we must work together to make the digital world safer for children

Close to Dh4 billion lost last year to UAE cybercrime


Google’s deep investment into technologies like machine learning can identify patterns from the subtle signalling from certain websites that look suspicious and could put users at risk.

Machine learning and blockchain technology are two of the developing methods used to make secure financial transactions and exchange private information online.

“Our investments are broad, and coming from security we know there is no silver bullet that will make all your problems go away,” Mr Risher said.

“We are always encrypting data in transit and understanding how areas can be exploited – that is what we are building our systems on, rather than one particular technology.

“With the pace of innovation, we would like to be able to help people manage all of the information that is available to them in a better way than is currently the case.”

Search and usage data helps improve Google products, keeps them safe, and with the user’s permission, tailor them to match their interests.

In 2016, the company asked more than 4,000 people from 15 countries around the world about their concerns over privacy and security.

Technology experts at the company said they were committed to keeping private information free from government backed snooping and state sponsored data interception.

“There is no direct access to information via Google for government agencies,” said Stephan Micklitz, engineering director on identity, privacy and security at Google in Munich.

“We do receive requests for information on users from law enforcement for access to data, and we review these requests, but our team will always push back as much as possible.

“We are working hard to get 100 per cent of encrypted connections to our services.

“We do a lot of work towards detecting threat, including detecting phishing sites and third party access sites.

“Our aim is to give users the tools to be able to protect themselves online.”

Google safe browsing currently protects 3 billion devices worldwide, and fields 260 million warnings a month.

When you open a browser to view a website, it may feel instantaneous but in reality, there are usually two junctions between the browser and the destination website.

If your browser is communicating with a website over a clear path protocol without any encryption, there is no guarantee the information being sent can’t be monitored, logged or tampered with.

This is called the ‘man in the middle’ security risk, where the hacker places themselves between the victim and the website they are trying to reach.

Hired hacker Parisa Tabriz, is now director of engineering at Google and responsible for Chrome.

“We’ve seen a number of ‘man in the middle’ attacks over the years, including internet service providers inserting advertisements, other organisations monitoring web traffic or governments monitoring its citizens,” she said.

“One of the larger man in the middle attacks in recent years, in 2011, was suspected to be the Iranian government trying to intercept Google Mail.

“We’ve seen a lot of examples of this. The best way to avoid this is to use encryption to transmit web content.”