Google: Change your password twice a year to keep safe

Google offers some safety tips for Internet users in an online checklist

Change your passwords twice a year and never reuse them. Those are a few of the tips Google lists in an online security checklist that helps people stay one step ahead of the scammers.

With most Internet users now wary of spam messages, fraudsters have increasingly focused on popular Web services such as Gmail, Facebook, Yahoo, and Hotmail. They break into accounts and then send their messages to the victim's contacts, hoping that the spam will be more effective because it comes from a friend. "People are far more likely to respond to a message from someone they know," said Andrew Brandt, lead threat researcher with antivirus vendor Webroot, speaking via instant message.

The spam can include links to fraudulent pharmaceutical Web sites, phoney phishing pages, or pleas for money. In one scam that has been run for more than a year now, the criminal pretends that he's trapped in a foreign country and asks friends of his victim to wire him funds.

Victims usually don't know how their accounts were compromised, but according to Google there are several ways this can happen. User names and passwords are often stolen in phishing attacks, or via malicious software that records them as they are typed into the computer. Sometimes the criminals hack into Web sites that are linked to Google accounts. "If that site is hacked and your sign-in information is discovered, the hijacker has easy access to your Google Account,' wrote Priya Nayak, an online operations strategist with Google in a Friday blog posting.

And sometimes the bad guys simply guess right. "You use a password that’s easy to guess, like your first or last name plus your birth date ('Laura1968'), or you provide an answer to a secret question that’s common and therefore easy to guess, like 'pizza' for 'What is your favorite food?,'" Navak wrote.

Keeping your password changed, and using one that's hard to guess, can help thwart many of these techniques.

Webroot's Brandt said that Google's advice for twice-yearly changes is reasonable. He thinks people should change their passwords as often as they can. "I change my passwords at least four times a year, but I'm a security nerd and use password manager software which generates the passwords and reminds me to change them."

Brandt users a password manager that comes with Webroot's security software, but there are free options too. LastPass and Keepass are two popular choices.

Even with password managers, it's a chore to keep on top of all the different log-in information that most people need to surf the Internet. But for important accounts, the work is worth it, according to Google.

"Online accounts that share passwords are like a line of dominoes," Nayak wrote. "When one falls, it doesn’t take much for the others to fall, too. This is why you should choose unique passwords for important accounts like Gmail (your Google Account), your bank, commerce sites, and social networking sites."

Released last week, Google's checklist includes 18 basic security tips that everyone using the Internet should know.

Join the CSO newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicesGooglesecurityinternet

More about Andrew Corporation (Australia)FacebookGoogleHotmailWebrootYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Robert McMillan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place