Experts at Google warn that the "protection against account takeover" is becoming increasingly complex as hackers ramp up their efforts to steal passwords and multi-factor authentication tokens.
According to Forbes, losing a Google account could also give hackers access to all of a user's accounts that are not associated with Google.
The company explained that losing access to Google could also expose users to attacks on other services if they synchronize their Chrome browser across devices. Chrome stores a considerable amount of data in the user's cloud account, including bookmarks, history, open tabs, passwords, addresses, phone numbers, and payment information, including those linked to Google Pay. If hackers succeed, this information could become available to them.
Google reminded users that Chrome synchronization can be turned off or configured separately for different types of data. Users can opt out of syncing passwords or payment information. This decreases convenience but enhances security, as the information won't be stored in the cloud.
There is another issue as well. The publication notes that Google's password manager is essentially just the Chrome password manager, and security experts warn against storing passwords in browsers. This is because one password can unlock your accounts and give access to your stored passwords, and those passwords are also at risk from browser attacks, which happen frequently.
Currently, experts also recommend that users add a passkey and use multi-factor authentication, moving away from less secure options like SMS. The U.S. Cybersecurity Agency has warned Google account owners to "disable other, less secure forms of multi-factor authentication" and to "check existing passwords to ensure they are long, unique, and random."
Furthermore, Google advised users to review their Chrome synchronization settings and reset them if necessary to remove outdated data from cloud storage.
As we mentioned earlier, Google recently updated its password manager in Chrome. The browser received a feature that allows it to automatically change weak or compromised passwords. This new feature automates the process: if the browser detects a vulnerable password, it suggests replacing it and generates a strong alternative on supported sites, making changes automatically.
