Google on Wednesday extended an apology to its G Suite customers after revealing that it stored passwords of some enterprise users in plaintext for years.

Storing passwords without cryptographic hashing exposes them to hacking risk, as they remain readable.

Keep Reading: Business Standard

The issue has been around since 2005 and Google, in a statement, said it is working with enterprise administrators to ensure that the users reset their passwords.

"We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed.

"This is a G Suite issue that affects business users only -- no free consumer Google accounts were affected," said Suzanne Frey, Vice President, Engineering, Cloud Trust at Google, adding that the company neither lived up to its own standards nor those of its customers.

"We apologise to our users and will do better," she added.

If you have a Google account, Google's core sign-in system is designed not to know your password.

When you set your password, instead of remembering the exact characters of the password, the company scrambles it with a "hash function", so it becomes something like "72i32hedgqw23328", and that's what is stored with your username.

"Both are then also encrypted before being saved to disk. The next time you try to sign in, we again scramble your password the same way. If it matches the stored string then you must have typed the correct password, so your sign-in can proceed," explained Frey.
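
The hash-then-compare sign-in flow described above, as an added example that is not Google's code and is not from the original article. It assumes a salted scrypt hash with cost settings chosen here, a hypothetical `scrypt$salt$digest` record format, and a constructed sample store; it also includes an audit check that flags rows left unhashed, and it leaves out the separate encryption-at-rest step.

```python
import hashlib
import hmac
import os

# scrypt cost settings are assumptions for this example, not Google's parameters.
N, R, P, SALT_LEN, KEY_LEN = 2**14, 8, 1, 16, 32


def _scrypt(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=KEY_LEN)


def hash_password(password: str) -> str:
    """Return 'scrypt$<salt hex>$<digest hex>' to store beside the username."""
    salt = os.urandom(SALT_LEN)  # per-user salt: equal passwords store differently
    return f"scrypt${salt.hex()}${_scrypt(password, salt).hex()}"


def parse_record(stored: str):
    """Return (salt, digest) for a well-formed hash record, else None."""
    parts = stored.split("$")
    if len(parts) != 3 or parts[0] != "scrypt":
        return None
    try:
        salt, digest = bytes.fromhex(parts[1]), bytes.fromhex(parts[2])
    except ValueError:
        return None
    return (salt, digest) if (len(salt), len(digest)) == (SALT_LEN, KEY_LEN) else None


def verify_password(attempt: str, stored: str) -> bool:
    """Scramble the attempt the same way and compare in constant time."""
    record = parse_record(stored)
    if record is None:
        return False  # never fall back to comparing against a plaintext row
    salt, digest = record
    return hmac.compare_digest(_scrypt(attempt, salt), digest)


def find_unhashed(store: dict) -> list:
    """Audit: usernames whose stored value is not a hash record."""
    return sorted(user for user, value in store.items() if parse_record(value) is None)


# Constructed sample store: one hashed row, one legacy row left in plaintext.
SAMPLE_STORE = {"alice": hash_password("correct horse battery staple"),
                "bob": "Summer2019!"}

if __name__ == "__main__":
    print(find_unhashed(SAMPLE_STORE))
```
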

In its enterprise product G Suite, Google found that some passwords were stored unhashed in plaintext.

"To be clear, these passwords remained in our secure encrypted infrastructure. This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords," Google claimed.

Google said it has notified G Suite administrators to change the impacted passwords.

Twitter recently advised all its 330 million users to change passwords owing to a breach.

Facebook in March revealed it fixed a security issue wherein millions of its users' passwords were stored in plain text and "readable" format for years and according to reports, were searchable by thousands of its employees.