Google is facing controversy after it recently admitted that it has ‘accidentally’ been storing user passwords in plaintext. These passwords were unprotected due to a bug and affected only a ‘small percentage of G Suite users.’
G Suite users may want to think about alternative cloud computing options. Apparently, Google has been storing passwords in plaintext due to a bug. The bug allegedly did not impact individual consumer accounts but did put business and corporate accounts in jeopardy.
Google typically stores its passwords in a cryptographically-scrambled hash. However, due to the bug, G Suite’s password recovery feature for administrators somehow allowed the passwords to be stored in the admin’s control panel. As of recently, Google has disabled the feature causing the security risk.
However, for a long time, the passwords were accessible to both authorized Google personnel and malicious hackers.
The plaintext bug is nothing new. In fact, Twitter and Facebook have both dealt with similar issues in the past year or so. However, Google is taking this a step further by auto-resetting passwords out of caution. So, kudos for taking that extra measure.
The trouble is, this bug has existed since at least 2005. Although the company claims the passwords were never compromised, 14 years is a long time for this to go under the radar.
If you’re a G Suite user, you should really add two-factor authentication and pray that your password was never compromised.
Centralized Entities and Password Storage
If you’re the least bit suspicious of Big Tech holding your data, then you should also be just as concerned about them holding your sensitive login information. We always hear about these fixes after the fact, but who knows how many more of these bugs and security breaches we can expect in the coming years? They seem to be becoming more and more common.
Trusting your personal information, either private contact information, sensitive information, passwords, or otherwise, with centralized entities is always a risk. That’s partly why a decentralized world is so necessary. If Google was an entity which operated on a distributed ledger system (i.e. blockchain), such security risks would be impossible.
However, given that we’re so far away from scaling blockchain to operate on a complex level like Google’s, it’s just an idea worth considering. The point is, we need and deserve alternatives.
Do you agree that decentralization is the path forward when it comes to Big Tech? Let us know your thoughts in the comments below.
Images courtesy of Shutterstock.