Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.

    SUBMIT

Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence

Disclaimer:

Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
Tech
News18 » Tech
1-min read

Google Apologizes For Saving Enterprise User Passwords in Plaintext

Google said it has notified G Suite administrators to change the impacted passwords.

IANS

Updated:May 22, 2019, 4:34 PM IST
facebookTwitter Pocket whatsapp
Google Apologizes For Saving Enterprise User Passwords in Plaintext
Google said it has notified G Suite administrators to change the impacted passwords.

Google on Wednesday extended an apology to its G Suite customers after revealing that it stored passwords of some enterprise users in plaintext for years.

Storing passwords without cryptographic hashes expose them to hacking risk as they become readable.

The issue has been around since 2005 and Google, in a statement, said it is working with enterprise administrators to ensure that the users reset their passwords.

"We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed.

"This is a G Suite issue that affects business users only -- no free consumer Google accounts were affected," said Suzanne Frey, Vice President, Engineering, Cloud Trust at Google, adding that the company neither lived up to its own standards nor those of its customers.

"We apologise to our users and will do better," she added.

If you have a Google account, Google's core sign-in system is designed not to know your password.

When you set your password, instead of remembering the exact characters of the password, the company scrambles it with a "hash function", so it becomes something like "72i32hedgqw23328", and that's what is stored with your username.

"Both are then also encrypted before being saved to disk. The next time you try to sign in, we again scramble your password the same way. If it matches the stored string then you must have typed the correct password, so your sign-in can proceed," explained Frey.

In its enterprise product G Suite, Google found that some passwords were stored unhashed in plaintext.

"To be clear, these passwords remained in our secure encrypted infrastructure. This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords," Google claimed.

Google said it has notified G Suite administrators to change the impacted passwords.

Twitter recently advised all its 330 million users to change passwords owing to a breach.

Facebook in March revealed it fixed a security issue wherein millions of its users' passwords were stored in plain text and "readable" format for years and according to reports, were searchable by thousands of its employees.

After admitting it "unintentionally" uploaded emails of nearly 1.5 million of new users, Facebook later revealed that millions of Instagram passwords were also stored on its servers in a readable format.

Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.

Read full article
Next Story
Next Story

facebookTwitter Pocket whatsapp

Live TV

Countdown To Elections Results
To Assembly Elections 2018 Results