Tech News

Google Admits Some G Suite Passwords Have Been Stored In Plaintext Since 2005

Google has announced that it has begun to notify administrators about how some passwords were inappropriately stored on its servers. The company its policy is to store user passwords with cryptographic hashes that mask passwords to ensure their security.

 However, Google recently notified a subset of its enterprise G Suite customers that some of the passwords had been stored in encrypted internal systems without hashes.

Google notes that the issue affects business users only and that no free consumer accounts were affected. Additionally, they are working with enterprise administrators of organizations that were affected to ensure that users reset their passwords.

The search giant has conducted a “thorough investigation” and found no evidence that the unhashed passwords were ever misused.

Google talks a bit about how it normally stores passwords saying that instead of remembering the exact characters of the password; it scrambles the password using a hash function to make it different than what the real password is.

The hashed password is stored with the username in its systems. Google says that it’s simple to hash passwords but nearly impossible to unhash them and steal the password.

The tech giant previously provided domain administrators with a tool to set and recover passwords after the feature was commonly requested. It notes that the functionality to recover passwords no longer exists.

Google made an error when the functionality was implemented in 2005, and the admin console was storing an unhashed password. While the practice didn’t live up to Google standards, the passwords remained in the secure encrypted infrastructure. The issue has now been fixed.

Admittedly, in January of 2019, it inadvertently stored a subset of unhashed passwords in its secure encrypted infrastructure for a maximum of 14 days. That issue has also been fixed, and Google notes that security audits will continue to ensure that the problem was an isolated incident.

Google has notified G Suite Admins to change impacted passwords, but it has also reset accounts that have not done so themselves. Google also apologized to users and promised to do better.

Edited Source: Hot Hardware

business

Share
Published by
business

Recent Posts

7 Creative Hacks to Skyrocket Your Rankings in 2024

Introduction Image Source: Freepik Conquering the ever-evolving SEO landscape can feel like deciphering a complex…

4 months ago

Looking for an SEO Edge? 7 Unorthodox Strategies for 2024

Introduction Image Source: Freepik In the ever-evolving landscape of SEO (Search Engine Optimization), staying ahead…

5 months ago

Top 10 Ghanaian Movies On Netflix 2024.

1. Taste of Sin (2023) "Taste of Sin," a production of Sami's Media and Dominion…

5 months ago

Struggling with Webinar Attendance? 7 Strategies to Get More Attendees

Introduction Image Source: Freepik Webinars offer a powerful tool for lead generation, brand awareness, and…

5 months ago

The Truth About SEO Results: How Long Does it Really Take?

Introduction Image Source: Freepik In the fast-paced world of digital marketing, patience can be a…

5 months ago

Struggling with Sales Emails? 7 Creative Hacks to Get More Results

Introduction Image Source: Freepik In today's digital age, email marketing remains a powerful tool for…

5 months ago