Check your Chrome settings now.
Jaap Arriens/NurPhoto
Google warns that “defending against account takeovers” is getting harder, as hackers intensify their efforts to steal passwords, multi-factor authentication tokens and cookies. While losing your Google account is a nightmare, it could be much worse than that. It could let those hackers gain access to all your non-Google accounts as well.
If you sync Google Chrome across your devices, you will likely be alarmed to know just how much data Chrome harvests and stores under your account on Google’s cloud. That means private and sensitive data that has nothing to do with Google. All there for the taking, if hackers successfully steal your credentials.
ForbesFBI Warns iPhone And Android Users—Stop Making These CallsBy Zak Doffman
“Get your bookmarks, passwords and more on all your devices,” Google says. “When you sign in to Chrome, you can save info in your Google Account. You can then use your info on all your devices where you’re signed in with the same account.”
That includes “bookmarks, history and open tabs, passwords, payment info, addresses, phone numbers, payment info that you saved to Google Pay, passwords that you saved to your Google Account and addresses that you saved to your Google Account.”
You can enable or disable Chrome Sync from the browser’s settings. You can choose to “sync everything” or “customize” your own list. That means you could disable passwords or payment info from being sync’d across all your devices. Inconvenient, yes, but safer, because that sync works through Google’s cloud, secured by your account sign-in.
There is a separate issue. Google’s password manager is really just Chrome’s password manager, and security experts caution against saving passwords in browsers. This is because a single password opens your accounts and accesses your passwords, and your passwords are at risk from browser attacks, which are not uncommon.
You’re safer and more secure with a standalone password manager.
ForbesIs Your Boss Using New Microsoft And Google Updates To Spy On You?By Zak Doffman
You must also make sure you have added a passkey to your Google account, and a form of multi-factor authentication that’s not SMS. America’s cyber defense agency hasd just warned Google account holders to “disable other, less secure forms of MFA” and to “review existing passwords to ensure they are long, unique, and random.”
Check and update your Chrome Sync settings now. You can also reset your Sync to delete past data and ensure nothing dangerous is lurking in your cloud account.