Whether Google can identify passwords that are too widely shared
0 Recommended Answers, 4 Replies, 0 Upvotes
An institution has its email hosted by Google (I don't know the domain but I gather managed by Gmail's people). The institution's security is compromised not by Google but by the institution's people almost all failing to change their passwords from the shared default.

A solution would likely require Google (paid for by the institution) to check its servers for password hashes that are identical more often than some threshold for the same institutional customer. I'm writing here in the hope that Google can do that check. I'm not asking Google to do so (I don't represent that institution) but hoping that Google has the capability. I already got in touch with the institution and made suggestions for its security, including that it ask Google for hash counts and ask Google to help the institution force within-institution password changes and also force uniqueness or near-uniqueness through periodic reviews of hashes of all of the institution's users of institutional Gmail to see if too many are identical.

I have a Google login but not Gmail so I may not have access to relevant help pages, especially those for institutional support.
All Replies (4)
Please use the in-product “Send feedback” link to submit your request/issue directly to Google. You will not receive a response from Google. Rather than Gmail, you should probably do that from one of the account settings pages.
-
I don't have Gmail (as I said), so I don't have access to anything in the product.

I'm not part of the institution in question and don't represent it, but the security lapse for institutions in this situation is startlingly vast, so Google would probably like to offer the service I described. This forum is where someone, such as you, can note a difficulty with the proposed solution before escalation.
-
> I don't have Gmail (as I said), so I don't have access to anything in the product.

Google does not read these forums, and there is no way to submit feedback to Google from them.

> I already got in touch with the institution and made suggestions...

Perhaps suggest that THEY send feedback about the proposed feature. But I think simple education of company users about good account security is a better choice than some new tool that compares encrypted passwords.
-
I already advised the institution to have everyone change default passwords, and I wasn't the first, but, as of a public news report, almost no one had (as noted above) and already their system was being abused because of that. Whether any high risk has become kinetic, I don't know, but I don't think waiting for a disaster (even current non-Google news aside) is a good plan.

I also already suggested that the institution contract with Google to help the institution force changes to widely-used passwords (as noted above), which is where my idea to count hashes comes in. Does counting them create a problem? I think not, but I wanted to be sure I'm not missing something, so I asked. For example, perhaps Google already offers the service.

Google does read some forum posts, at least in another community forum. I've already experienced that, beneficially.
This question is locked and replying has been disabled.
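
The hash-count check proposed in the question and asked about again in the last reply, as an added example (not from any post and not Google's code): it counts identical hashes within one tenant and shows that the count finds a shared default only when hashes are unsalted, while with per-user salts an audit has to test the known default against each record. The storage scheme, function names, default password and user list are assumptions constructed for illustration; the thread does not say how passwords are stored.

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 1_000  # kept low so the demo runs fast; real stores use far more
FIXED_SALT = b"\x00" * 16  # models an unsalted (or single global salt) store


def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 of the password under the given salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def build_store(passwords: dict, salted: bool) -> dict:
    """Map user -> (salt, hash); a random 16-byte salt per user if salted."""
    store = {}
    for user, pw in passwords.items():
        salt = os.urandom(16) if salted else FIXED_SALT
        store[user] = (salt, hash_password(pw, salt))
    return store


def shared_hash_groups(store: dict, threshold: int) -> list:
    """The thread's proposal: hashes held by at least `threshold` users."""
    counts = Counter(h for _, h in store.values())
    return [h for h, n in counts.items() if n >= threshold]


def users_on_default(store: dict, default_pw: str) -> list:
    """Audit that works with salts: test the known default per user."""
    return sorted(
        user for user, (salt, h) in store.items()
        if hmac.compare_digest(hash_password(default_pw, salt), h)
    )


# Constructed sample tenant: three of five users never changed the default.
DEFAULT = "Welcome-2024"  # constructed placeholder value
TENANT = {"ana": DEFAULT, "ben": DEFAULT, "cy": DEFAULT,
          "dee": "x7!correct-horse", "eli": "q9#battery-staple"}

if __name__ == "__main__":
    for salted in (False, True):
        store = build_store(TENANT, salted)
        print("salted" if salted else "unsalted",
              "| hash groups at threshold 3:", len(shared_hash_groups(store, 3)),
              "| still on default:", users_on_default(store, DEFAULT))
```

The per-user check needs the default password as input, which the institution that issued it already has; the same comparison can also be made when a password is set, rejecting the default before it is stored.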