Keeping your personal information private and safe—and putting you in control

We've all been there at some point or another…
You just lost your phone and want to wipe your personal information.
You attend an event, and you want to share your photos with some people (but not everyone).
You hesitate as you download another app that's asking for a lot of information.

Everyday, we make choices that affect our privacy and security online. Most people, however, don’t feel they have the right level of control to make these important decisions. According to a recent Pew study, 93 percent of people think it’s important to control access to their personal information, and 90 percent care about the type of information that’s collected about them. But only 9 percent feel they have “a lot” of control over it. We want to change that.

Google builds simple, powerful privacy and security tools that keep your information safe and put you in control of it. At Google I/O, we announced that people will have more control over the information they provide to mobile apps in the M release, the next version of Android. Today, we’re rolling out two significant improvements to our privacy and security tools: a new hub for managing your Google settings called My Account, and a new site that answers important questions about privacy and security on Google.

Privacy and security controls, all in one place
Privacy and security are two sides of the same coin: if your information isn’t secure, it certainly can’t be private. My Account gives you quick access to the settings and tools that help you safeguard your data, protect your privacy, and decide what information is used to make Google services work better for you. It also provides more context to help you understand your options and make the right choices for you.

Here are some of the things you can do with My Account:

• Take the Privacy Checkup and Security Checkup, our simple, step-by-step guides through your most important privacy and security settings.
• Manage the information that can be used from Search, Maps, YouTube and other products to enhance your experience on Google. For example, you can turn on and off settings such as Web and App Activity, which gets you more relevant, faster search results, or Location History, which enables Google Maps and Now to give you tips for a faster commute back home.
• Use the Ads Settings tool to control ads based on your interests and the searches you’ve done.
• Control which apps and sites are connected to your account.

We built My Account to be a resource for everyone, even if you don't have a Google Account. Check out your controls at myaccount.google.com.

Answering your questions about privacy and security
We listen to feedback from people around the world to better understand their concerns about privacy and security. In addition to My Account, we want to help people find answers to common questions on these topics, such as: "What data does Google collect? What does Google do with the data it collects? What tools do I have to control my Google experience?"

Our new site, privacy.google.com, candidly answers these questions, and more. We also explain how we show relevant ads without selling your personal information, how encryption and spam filtering help keep your data safe, and how your information helps customize your experience on Google. Visit this site often to learn about new tools, features, and information that can help you make the choices that are right for you.

When you trust your personal information with us, you should expect powerful controls that keep it safe and private as well as useful answers to your questions. Today’s launches are just the latest in our ongoing efforts to protect you and your information on Google. There’s much more to come, and we look forward to your feedback.

Posted by Guemmy Kim, Product Manager, Account Controls and Settings

Protect your Google Account with Password Alert

Would you enter your email address and password on this page?

This looks like a fairly standard login page, but it’s not. It’s what we call a “phishing” page, a site run by people looking to receive and steal your password. If you type your password here, attackers could steal it and gain access to your Google Account—and you may not even know it. This is a common and dangerous trap: the most effective phishing attacks can succeed 45 percent of the time, nearly 2 percent of messages to Gmail are designed to trick people into giving up their passwords, and various services across the web send millions upon millions of phishing emails, every day.

To help keep your account safe, today we’re launching Password Alert, a free, open-source Chrome extension that protects your Google and Google Apps for Work Accounts. Once you’ve installed it, Password Alert will show you a warning if you type your Google password into a site that isn’t a Google sign-in page. This protects you from phishing attacks and also encourages you to use different passwords for different sites, a security best practice.

Here's how it works for consumer accounts. Once you’ve installed and initialized Password Alert, Chrome will remember a “scrambled” version of your Google Account password. It only remembers this information for security purposes and doesn’t share it with anyone. If you type your password into a site that isn't a Google sign-in page, Password Alert will show you a notice like the one below. This alert will tell you that you’re at risk of being phished so you can update your password and protect yourself.

Password Alert is also available to Google for Work customers, including Google Apps and Drive for Work. Your administrator can install Password Alert for everyone in the domains they manage, and receive alerts when Password Alert detects a possible problem. This can help spot malicious attackers trying to break into employee accounts and also reduce password reuse. Administrators can find more information in the Help Center.

We work to protect users from phishing attacks in a variety of ways. We’re constantly improving our Safe Browsing technology, which protects more than 1 billion people on Chrome, Safari and Firefox from phishing and other dangerous sites via bright, red warnings. We also offer tools like 2-Step Verification and Security Key that people can use to protect their Google Accounts and stay safe online. And of course, you can also take a Security Checkup at any time to make sure the safety and security information associated with your account is current. 

To get started with Password Alert, visit the Chrome Web Store or the FAQ.

Posted by Drew Hintz, Security Engineer and Justin Kosslyn, Google Ideas

Protecting people across the web with Google Safe Browsing

Online security is on everybody's minds these days, so we want to give you updates about various ways Google keeps you safe online. Today, on the web’s birthday, we’re highlighting recent improvements to Safe Browsing, technology that protects more than 1.1 billion people all over the world. -Ed.

As the web continues to evolve, it’s important that user protections develop in lockstep so that people stay safe online. Our Safe Browsing technology may not be quite as old as the web—which celebrates its 26th birthday today—but ever since Safe Browsing launched nearly eight years ago, it’s continually adapted to protect web users, everywhere.

Safe Browsing gives users—both on Google and across on the web—information they need to steer clear of danger. The dangerous sites detected by Safe Browsing generally fall into two categories: sites that attack users intentionally with either malware, phishing, or unwanted software that is deceptive or hard to uninstall, or sites that attack users unintentionally because they have been compromised, often without the site’s owner realizing this has happened.

Once we detect these sites, Safe Browsing warns people about them in a variety of ways. You’ve probably come across a warning like this in Chrome, Firefox or Safari; it’s powered by Safe Browsing:

Today, Safe Browsing shows people more than 5 million warnings per day for all sorts of malicious sites and unwanted software, and discovers more than 50,000 malware sites and more than 90,000 phishing sites every month. If you’re interested, you can see information about the dangerous sites that are detected by this technology anytime in our Safe Browsing Transparency Report.

We also use Safe Browsing technology to warn website owners or operators about issues with their sites so they can quickly fix them. We provide basic site maintenance tips, as well as specific Safe Browsing notifications in Webmaster Tools and Google Analytics. Often site owners don’t realize there are issues with their sites until they get these notifications.

Recent developments
Since its earliest days, Safe Browsing has been widely available, and free—for users, site owners, and other companies—to use and integrate into their own products. In the early days, we focused on detecting dangerous sites and then showing people warnings:

An early Safe Browsing notification, c. 2007. These would appear in the top right corner of people’s web browsers when they visited a site that had been flagged by Safe Browsing as potentially dangerous.

But, just as attacks become more sophisticated, we’ve made sure our own technologies have kept up. Over the years, we’ve built Safe Browsing into other Google products to help protect people in more places:

• Safe Browsing API: We already make Safe Browsing data available for free to developers. This week we’re adding information about sites that host unwanted software, allowing developers to better protect their users as well.
• Chrome: Before people visit a site delivering unwanted software, or try to download some of it, we show them a clear warning.
• Google Analytics: We recently integrated Safe Browsing notifications into Google Analytics, so site owners can quickly take action to protect their users if there are issues with their websites. Previously, we’d only provided these warnings via our Webmaster Tools service.
• Ads: We’ve also recently begun to identify ads that target people with unwanted software.

As the web grows up, Safe Browsing technology will, too. We’re looking forward to protecting the web, and its users, for many birthdays to come.

Posted by Panayiotis Mavrommatis, Safe Browsing Team

Take a Security Checkup on Safer Internet Day

Online security is on everyone’s mind these days. According to a recent Gallup poll, more people are worried about their online accounts being hacked than having their home broken into.

Security has always been a top priority for Google. Our Safe Browsing technology identifies unsafe websites and warns people before they visit them, protecting more than one billion Chrome, Firefox, and Safari users everyday. 2-Step Verification adds an extra layer of security, beyond your password, to your Google account; it’s like a second padlock on your account’s door. And our research teams regularly release new findings about nefarious online activity, like Gmail account hijacking attempts, so people can stay informed.

We have many protections in place to keep people, and their information, secure, but there's also a lot that you can do to protect yourself. Today, on Safer Internet Day, take a quick Security Checkup, an easy way to review and manage your Google Account’s security settings.

Here are some of the important items you can review during your Security Checkup:

• Recovery information: Adding a phone number can help us get in touch if you’re locked out of your account. We’ll only use your phone number to protect your account, unless you say otherwise.
• Recent activity: This is a quick overview of your recent sign-ins to Google. If you see any activity from a location or device you don’t recognize, change your password immediately.
• Account permissions: These are the apps, websites and devices connected to your Google account. Take a look and make sure you trust—and actually use—all of them. You might want to remove an old phone, or that dusty app you never use.

It takes just a few minutes to make sure your information is accurate and up to date. And as an extra thank you, we’ll add 2GB to your Drive storage plan if you complete the Security Checkup by February 17. Visit your Account Settings and take your Security Checkup today.

Posted by Andreas Tuerk, Product Manager

Transparency Report: Protecting emails as they travel across the web

When you mail a letter to your friend, you hope she’ll be the only person who reads it. But a lot could happen to that letter on its way from you to her, and prying eyes might try to take a look. That’s why we send important messages in sealed envelopes, rather than on postcards.

Email works in a similar way. Emails that are encrypted as they’re routed from sender to receiver are like sealed envelopes, and less vulnerable to snooping—whether by bad actors or through government surveillance—than postcards.

But some email is more secure than others. So to help you better understand whether your emails are protected by encryption, we’re launching a new section in the Transparency Report.

Gmail has always supported encryption in transit by using Transport Layer Security (TLS), and will automatically encrypt your incoming and outgoing emails if it can. The important thing is that both sides of an email exchange need to support encryption for it to work; Gmail can't do it alone.

Our data show that approximately 40 to 50 percent of emails sent between Gmail and other email providers aren’t encrypted. Many providers have turned on encryption, and others have said they’re going to, which is great news. As they do, more and more emails will be shielded from snooping.

For people looking for even stronger email security, end-to-end encryption is a good option—but it’s been hard to use. So today we’re making available the source code for End-to-End, a Chrome extension. It's currently in testing, and once it's ready for general use it will make this technology easier for those who choose to use it.

We encourage you to find tips about choosing strong passwords and adding another layer of protection to your account in our Safety Center. And check out Reset the Net, a broad coalition of organizations, companies and individuals coming together this week to promote stronger security practices on the web; we’re happy to be a participant in that effort.

Posted by Brandon Long, Tech Lead, Gmail Delivery Team

Helping passwords better protect you

Knowing how to stay safe and secure online is important, which is why we created our Good to Know site with advice and tips for safe and savvy Internet use. Starting today, we'll also be posting regularly with privacy and security tips. We hope this information helps you understand the choices and control that you have over your online information. -Ed.

It could be your Gmail, your photos or your documents—whatever you have in your Google Account, we work hard to make sure it’s protected from would-be identity thieves, other bad guys, or any illegitimate attempts to access your information.

But you can also help keep your information safe. Think of how upset you would be if someone else got access to your Google Account without your permission, and then take five minutes to follow the steps below and help make it more secure. Let’s start with the key to unlocking your account—your password:

1. Use a different password for each important service
Make sure you have a different password for every important online account you have. Bad guys will steal your username and password from one site, and then use them to try to log into lots of other sites where you might have an account. Even large, reputable sites sometimes have their password databases stolen. If you use the same password across many different sites, there’s a greater chance it might end up on a list of stolen passwords. And the more accounts you have that use that password, the more data you might lose if that password is stolen.

Giving an account its own, strong password helps protect you and your information in that account. Start today by making sure your Google Account has a unique password.

2. Make your password hard to guess
“password.” “123456.” “My name is Inigo Montoya. You killed my father. Prepare to die!” These examples are terrible passwords because everyone knows them—including potential attackers. Making your passwords longer or more complicated makes them harder to guess for both bad guys and people who know you. We know it’s hard: the average password is shorter than 8 characters, and many just contain letters. In a database of 32 million real passwords that were made public in 2009, analysis showed (PDF) only 54 percent included numbers, and only 3.7 percent had special characters like & or $.

One way to build a strong password is to think of a phrase or sentence that other people wouldn’t know and then use that to build your password. For example, for your email you could think of a personal message like “I want to get better at responding to emails quickly and concisely” and then build your password from numbers, symbols, and the first letters of each word—“iw2gb@r2eq&c”. Don’t use popular phrases or lyrics to build your password—research suggests that people gravitate to the same phrases, and you want your password to be something only you know.

Google doesn’t restrict password length, so go wild!

3. Keep your password somewhere safe
Research shows (PDF) that worrying about remembering too many passwords is the chief reason people reuse certain passwords across multiple services. But don’t worry—if you’ve created so many passwords that it’s hard to remember them, it’s OK to make a list and write them down. Just make sure you keep your list in a safe place, where you won’t lose it and others won’t be able to find it. If you’d prefer to manage your passwords digitally, a trusted password manager might be a good option. Chrome and many web browsers have free password managers built into them, and there are many independent options as well—take a few minutes to read through reviews and see what would be best for your needs.

4. Set a recovery option
Have you ever forgotten your password? Has one of your friends ever been locked out of their account? Setting a recovery option, like an alternate email address or a telephone number, helps give the service provider another way to contact you if you are ever locked out of your account. Having an up-to-date recovery phone or email address is the best thing you can do to make sure you can get back into your account fast if there is ever a problem.

If you haven’t set a recovery option for your Google Account, add one now. If you have, just take a second to make sure it’s up to date.

We have more tips on how to pick a good password on our Help Center, and in the video below:

Your online safety and privacy is important to you, and it’s important to us, too. We’ve made a huge amount of progress to help protect your Google Account from people who want to break into it, but for the time being, creating a unique, strong password is still an important way to protect your online accounts. Please take five minutes today to reset your important passwords using the tips above, and stay tuned for more security tips throughout the summer.

Posted by Diana Smetters, Software Engineer