Google warns that "account protection" is becoming increasingly complex as hackers intensify their efforts to steal passwords, multi-factor authentication tokens, and cookies.
According to Forbes, losing a Google account can allow hackers to access all of a user's other accounts that are not Google-related.
The company noted that losing a Google account could grant malicious actors access to other services if users sync their Chrome browser across devices. It is highlighted that Chrome stores a significant amount of data in the user's cloud account: bookmarks, history, open tabs, passwords, addresses, phone numbers, and payment information, including those linked to Google Pay. In the event of a successful breach, this data could be compromised.
Google reminded users that Chrome synchronization can be disabled or configured separately for different types of data. Opting out of syncing passwords or payment information reduces convenience but enhances security, as information will not be stored in the cloud.
There is another concern. The publication notes that the Google password manager is essentially just a Chrome password manager, and security experts warn against storing passwords in browsers. This is because one password can open your accounts and expose your passwords to browser attacks, which are common.
Currently, experts also recommend that users add a passkey and use multi-factor authentication, opting out of less secure methods, such as SMS. The U.S. Cybersecurity Agency has warned Google account holders to "disable other, less secure forms of multi-factor authentication" and "check existing passwords to ensure they are long, unique, and random."
Additionally, Google suggested users check their Chrome sync settings and reset them if needed to remove outdated data from the cloud storage.
As previously reported, Google recently updated the password manager in Chrome. The browser received a new feature that allows it to automatically change weak or compromised passwords. This new feature automates the process: if the browser detects a vulnerable password, it suggests replacing it and generates a strong alternative on supported sites, making changes automatically.
