Type of site | Single sign-on |
---|---|
Owner | |
URL | myaccount |
A Google Account is a user account that is required for access, authentication and authorization to certain online Google services. It is also often used as single sign-on for third party services.
A Google Account is required for Gmail, Google Hangouts, Google Meet and Blogger. Some Google products do not require an account, including Google Search, YouTube, Google Books, Google Finance and Google Maps. However, an account is needed for uploading videos to YouTube and for making edits in Google Maps.
YouTube and Blogger maintain separate accounts for users who registered with the services before the Google acquisition. However, effective April 2011 YouTube users are required to link to a separate Google Account if they wish to continue to log into that service. [1]
Google Account users may create a publicly accessible Google profile, to configure their presentation on Google products to other Google users. A Google profile can be linked to a user's profiles on various social-networking and image-hosting sites, as well as user blogs.
Third-party service providers may implement service authentication for Google Account holders via the Google Account mechanism. [2]
While creating a Google account, users are asked to provide a recovery email address to allow them to reset their password if they have forgotten it, or if their account is hacked. In some countries, such as the United States, the United Kingdom and India, Google may also require one-time use of a mobile phone number to send an account validation code by SMS text messaging or voice message when creating a new account. [3] [4]
Google also offers a two-step verification option—for additional security against hacking—that requests a validation code each time the user logs into their Google account. The code is either generated by an application ("Google Authenticator" or other similar apps) or received from Google as an SMS text message, a voice message, or an email to another account. [5] [6] Trusted devices can be "marked" to skip this 2-step log-on authentication. [7] When this feature is switched on, software that cannot provide the validation code (e.g. IMAP and POP3 clients) must use a unique 16-character alphanumeric password generated by Google instead of the user's normal password. [8] [9]
Users who seek an even higher level of security protection, including users whose accounts could be attractive targets for hackers, such as celebrities, politicians, journalists, political activists and wealthy individuals, can opt in to Google's Advanced Protection Program. This program requires the user to purchase two U2F USB keys — not for data storage, but for identity verification. The U2F keys are used to provide two-step verification during login. One is for backup purposes, in case the first is lost. The Advanced Protection Program includes further security measures to protect the user's account, such as restrictions on which applications the user can grant access to their account, and a more thorough identity verification process for regaining access to the account if the password is forgotten. [10]
On June 5, 2012, a new security feature was introduced to protect users from state-sponsored attacks. Whenever Google's analysis indicates that a government has attempted to compromise an account, a notice will be displayed that reads "Warning: We believe state-sponsored attackers may be trying to compromise your account or computer." [11] [12]
The 'My Activity' tool, launched in 2016, supersedes Google Search history and Google Web History and enables users to see and delete data tracked by Google through the Google account. The tool shows which websites were visited using Chrome while logged in, devices used, apps used, Google products interacted with, etc. All information is laid out in a timeline-like layout. Users can choose to entirely disable tracking, or remove certain activities which they do not want to be tracked. [13]
Google may block an account for various reasons, such as "unusual activity" [14] or entering an age "not old enough" to own a Google account. [15] Reactivation is possible using web forms, providing proof of identity through a valid photo ID, [16] or a credit card payment of US$0.30. Other methods (such as sending a fax or uploading some requested document) may require human interaction and may take some "days or a couple of weeks" to be accomplished. [17]
On May 17, 2023, Google announced that, starting in December 2023, it may delete inactive accounts that had not been used or signed into for at least two years. [18] [19] The company clarified to Rolling Stone that inactive accounts with YouTube content won't be deleted after many people feared that YouTube's old music archives, and deceased users whose accounts were popular, could be lost. [20]
A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of password-protected services that a typical individual accesses can make memorization of unique passwords for each service impractical. Using the terminology of the NIST Digital Identity Guidelines, the secret is held by a party called the claimant while the party verifying the identity of the claimant is called the verifier. When the claimant successfully demonstrates knowledge of the password to the verifier through an established authentication protocol, the verifier is able to infer the claimant's identity.
An authenticator is a means used to confirm a user's identity, that is, to perform digital authentication. A person authenticates to a computer system or application by demonstrating that he or she has possession and control of an authenticator. In the simplest case, the authenticator is a common password.
Gmail is the email service provided by Google. As of 2019, it had 1.5 billion active users worldwide, making it the largest email service in the world. It also provides a webmail interface, accessible through a web browser, and is also accessible through the official mobile application. Google also supports the use of third-party email clients via the POP and IMAP protocols.
Yahoo! Mail is an email service offered by the American company Yahoo, Inc. The service is free for personal use, with an optional monthly fee for additional features. Business email was previously available with the Yahoo! Small Business brand, before it transitioned to Verizon Small Business Essentials in early 2022. Launched on October 8, 1997, as of January 2020, Yahoo! Mail has 225 million users.
The following tables compare general and technical information for a number of notable webmail providers who offer a web interface in English.
Outlook.com, formerly Hotmail, is a free personal email service offered by Microsoft. This includes a webmail interface featuring mail, calendaring, contacts, and tasks services. Outlook can also be accessed via email clients using the IMAP or POP protocols.
Multi-factor authentication is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism. MFA protects personal data—which may include personal identification or financial assets—from being accessed by an unauthorized third party that may have been able to discover, for example, a single password.
In computing, Google Dashboard lets users of the Internet view and manage personal data collected about them by Google. With an account, Google Dashboard allows users to have a summary view of their Google+, Google location history, Google web history, Google Play apps, YouTube and more. Once logged in, it summarizes data for each product the user uses and provides direct links to the products. The program allows setting preferences for personal account products.
A recent extension to the cultural relationship with death is the increasing number of people who die having created a large amount of digital content, such as social media profiles, that will remain after death. This may result in concern and confusion, because of automated features of dormant accounts, uncertainty of the deceased's preferences that profiles be deleted or left as a memorial, and whether information that may violate the deceased's privacy should be made accessible to family.
Apple Account, formerly known as Apple ID, is a user account by Apple for their devices and software. Apple Accounts contain the user's personal data and settings, and when an Apple Account is used to log in to an Apple device, the device will automatically use the data and settings associated with the Apple Account.
A Microsoft account or MSA is a single sign-on personal user account for Microsoft customers to log in to consumer Microsoft services, devices running on one of Microsoft's current operating systems, and Microsoft application software.
Google Authenticator is a software-based authenticator by Google. It implements multi-factor authentication services using the time-based one-time password and HMAC-based one-time password, for authenticating users of software applications.
Mozilla Persona was a decentralized authentication system for the web, based on the open BrowserID protocol prototyped by Mozilla and standardized by IETF. It was launched in July 2011, but after failing to achieve traction, Mozilla announced in January 2016 plans to decommission the service by the end of the year.
The YubiKey is a hardware authentication device manufactured by Yubico to protect access to computers, networks, and online services that supports one-time passwords (OTP), public-key cryptography, authentication, and the Universal 2nd Factor (U2F) and FIDO2 protocols developed by the FIDO Alliance. It allows users to securely log into their accounts by emitting one-time passwords or using a FIDO-based public/private key pair generated by the device. YubiKey also allows storing static passwords for use at sites that do not support one-time passwords. Google, Amazon, Microsoft, Twitter, and Facebook use YubiKey devices to secure employee accounts as well as end-user accounts. Some password managers support YubiKey. Yubico also manufactures the Security Key, a similar lower-cost device with only FIDO2/WebAuthn and FIDO/U2F support.
Universal 2nd Factor (U2F) is an open standard that strengthens and simplifies two-factor authentication (2FA) using specialized Universal Serial Bus (USB) or near-field communication (NFC) devices based on similar security technology found in smart cards. It is succeeded by the FIDO2 Project, which includes the W3C Web Authentication (WebAuthn) standard and the FIDO Alliance's Client to Authenticator Protocol 2 (CTAP2).
Credential stuffing is a type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of usernames or email addresses and the corresponding passwords, and then uses the credentials to gain unauthorized access to user accounts on other systems through large-scale automated login requests directed against a web application. Unlike credential cracking, credential stuffing attacks do not attempt to use brute force or guess any passwords – the attacker simply automates the logins for a large number of previously discovered credential pairs using standard web automation tools such as Selenium, cURL, PhantomJS or tools designed specifically for these types of attacks, such as Sentry MBA, SNIPR, STORM, Blackbullet and Openbullet.
The American cloud storage and file synchronization company Dropbox Inc. had several security and privacy controversies. Issues include a June 2011 authentication problem that let accounts be accessed for several hours without passwords; a July 2011 privacy policy update with language suggesting Dropbox had ownership of users' data; concerns about Dropbox employee access to users' information; July 2012 email spam with reoccurrence in February 2013; leaked government documents in June 2013 with information that Dropbox was being considered for inclusion in the National Security Agency's PRISM surveillance program; a July 2014 comment from NSA whistleblower Edward Snowden criticizing Dropbox's encryption; the leak of 68 million account passwords on the Internet in August 2016; and a January 2017 accidental data restoration incident where years-old supposedly deleted files reappeared in users' accounts.
Web Authentication (WebAuthn) is a web standard published by the World Wide Web Consortium (W3C). WebAuthn is a core component of the FIDO2 Project under the guidance of the FIDO Alliance. The goal of the project is to standardize an interface for authenticating users to web-based applications and services using public-key cryptography. WebAuthn credentials that are available across multiple devices are commonly referred to as passkeys.
Passwordless authentication is an authentication method in which a user can log in to a computer system without entering a password or any other knowledge-based secret. In most common implementations users are asked to enter their public identifier and then complete the authentication process by providing a secure proof of identity through a registered device or token.
OnlyKey is a multi-function hardware security key combining features of a password manager, two-factor authentication (2FA) token, file encryption token, and secure storage device. The device incorporates hardware storage for password and username combinations, while also acting as a portable password manager.
As email, documents, and almost every aspect of our professional and personal lives moves onto the "cloud"—remote servers we rely on to store, guard, and make available all of our data whenever and from wherever we want them, all the time and into eternity—a brush with disaster reminds the author and his wife just how vulnerable those data can be. A trip to the inner fortress of Gmail, where Google developers recovered six years' worth of hacked and deleted e‑mail, provides specific advice on protecting and backing up data now—and gives a picture both consoling and unsettling of the vulnerabilities we can all expect to face in the future.