Experts at Google are warning that "account protection" is becoming increasingly complex due to the rising activity of hackers attempting to steal passwords, multifactor authentication tokens, and cookies.
According to Forbes, losing access to a Google account can allow hackers to gain entry to all other accounts of the user that are not associated with Google.
They emphasized that if a user synchronizes their Chrome browser across devices, compromising a Google account may grant access to other services. Chrome stores a vast amount of data in the user's cloud account, including bookmarks, history, open tabs, passwords, addresses, phone numbers, and payment information, including data linked to Google Pay. In the event of a successful breach, this information could fall into the hands of cybercriminals.
Google also reminds users that Chrome synchronization can be turned off or configured separately for different types of data. Users can choose not to synchronize passwords or payment information, which decreases convenience but enhances security as the information will not be stored in the cloud.
There is another issue. As noted by the publication, Google’s password manager is essentially just the Chrome password manager, and security experts advise against storing passwords in browsers. This is because a single password can grant access to all your accounts, and your passwords are vulnerable to browser-based attacks, which are quite common.
Currently, experts also recommend that users add a passkey and utilize multifactor authentication, moving away from less secure options like SMS. The U.S. Cybersecurity Agency has alerted Google account owners to "disable other, less secure forms of multifactor authentication" and to "check existing passwords to ensure they are long, unique, and random."
Additionally, Google advises checking Chrome synchronization settings and resetting them if necessary to remove outdated data from the cloud storage.
As previously reported, Google recently updated the password manager in Chrome. The browser received a feature that allows it to automatically change weak or compromised passwords. This new feature automates the process: if the browser detects a vulnerable password, it suggests replacing it, and on supported sites, generates a strong alternative and makes the changes automatically.
