I've had a Gmail account since they were introduced. I have an easy-to-remember account name, and Gmail includes a lot of nice features like checking other accounts via POP3, mail forwarding, and mail filters. They also have the best spam filter I've been able to find. As a result, a few years ago, I started sending all of my email through Gmail just to deal with the spam.
To their credit, Google offers really great security for Google accounts. They came out with Google Authenticator a while ago, and they support U2F and other common two-factor authentication. They make it easy to see which applications have access to different parts of your Google account and what bits of data have been accessed. It's all well thought out and quite secure. Except...
Google makes Android available to anyone. The core portion is Open Source, and they license a lot of the add-ons under a pretty open license. As a result, lots of companies make Android devices. Unfortunately, those companies do not have the same focus on or understanding of security as Google. Most of the Android phone makers have had significant vulnerabilities, and they tend to be slow about patching them.
As a result, there's one giant hole in Google's security armor: devices. When you authorize a device like a phone or a TV, that device gets full access to everything in your Google account. Your $20 Walmart cell phone can read, delete, or forward all of your mail. So can that Android TV that hasn't updated in a year. And, the Internet of Things (IoT) is here. Everybody wants to make "smart" lamps, coffee machines, door locks (!), etc. And by "smart", they mean, "vulnerable to anyone in the world with an internet connection." My TV wants me to sign in with my Google account. My printer wants me to sign in with my Google account. My router wants me to sign in with my Google account. My wireless light switch wants to use my Google account. And if any one of those devices is compromised, there goes more than a decade's worth of email, including not just the last messages from a few people who are no longer here, but messages from my bank, my retirement account, and from the government.
As a way to mitigate some of this risk, I've taken two steps:
First, I created a Google account for my devices, and I added the device account to our Google Families group. That way, I can log in to the TV with the device account and the TV can still show movies that I've purchased with my own account. But, if the TV is compromised, it won't have access to my main Google account. The same for printers, routers, tablets, etc. Unfortunately, it does make ordering new movies more complicated.
The other thing I've done is to create an "Important stuff" email address at Protonmail. Protonmail is very concerned about security, and their design is pretty good. I've enabled two-factor authentication (they use Google Authenticator, so I didn't even have to install a new app), and I don't give out that address to anyone except my bank, government, tax people, etc. If a missed message could ruin my life or get me thrown in jail, it's sent there. It's also the backup address for my Gmail account, my cell phone carrier, and my ISP. And, since I don't use it for routine mail, almost every message to that address is important. Protonmail even has a nice feature where, if a message comes in and I don't check it for 24 hours, they'll send a reminder to my Gmail address.
The downside: Now, I have two more accounts to keep an eye on. Two more sets of usernames, passwords, and Google Authenticator keys to track.
Will this be more secure? I don't know. It feels like I've limited exposure and segregated roles, which is a good security pattern. But, it might just be more complicated. I guess time will tell.
Very interesting.