Maggio, 2022

Today passwords are essential to online safety, but threats like phishing, scams, and poor password hygiene continue to pose a risk to users. Google has long recognized these issues, which is why we have created defenses like 2-Step Verification and Google Password Manager.

However, to really address password problems, we need to move beyond passwords altogether, which is why we’ve been setting the stage for a passwordless future for over a decade.

Today, in honor of World Password Day, we’re announcing a major milestone in this journey: We plan to implement passwordless support for FIDO Sign-in standards in Android & Chrome. Apple and Microsoft have also announced that they will offer support for their platforms. This will simplify sign-ins across devices, websites, and applications no matter the platform — without the need for a single password. These capabilities will be available over the course of the coming year.

How will a passwordless future work?

When you sign into a website or app on your phone, you will simply unlock your phone — your account won’t need a password anymore.

Instead, your phone will store a FIDO credential called a passkey which is used to unlock your online account. The passkey makes signing in far more secure, as it’s based on public key cryptography and is only shown to your online account when you unlock your phone.

To sign into a website on your computer, you’ll just need your phone nearby and you’ll simply be prompted to unlock it for access. Once you’ve done this, you won’t need your phone again and you can sign in by just unlocking your computer. Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device left off.

Paving the way to passwordless

The passkey will bring us much closer to the passwordless future we’ve been mapping out for over a decade.

We’re excited for what the passkey future holds. That said, we understand it will still take time for this technology to be available on everyone’s devices and for website and app developers to take advantage of them. Passwords will continue to be part of our lives as we make this transition, so we’ll remain dedicated to making conventional sign-ins safer and easier through our existing products like Google Password Manager.

People are constantly being told to strengthen their security habits, but with so much advice — some of it conflicting — it’s hard to understand where to start or what to believe. Perhaps that’s why people go the easy route. Based on a new study we commissioned with Ipsos, nearly 20% of Americans still use common passwords like Password, abc123 and 123456.

So, we’re introducing a twist on spring cleaning this year: a digital cleaning to throw out old security advice and replace it with better practices. In honor of World Password Day today, we encourage everyone to start by leveraging the security protections built directly into our products that make every day Safer with Google.

Out with the old (cybersecurity myths)

As cybersecurity evolves, many of our old fears about it are no longer relevant or even true, especially with ongoing tech innovations. Here are a some of those myths we’re debunking today:

“It’s up to me to spot suspicious links on my own”: Phishing schemes can lead to serious cyber attacks, but by leveraging tech that is secure by default, you’re automatically protected from many of them. If you’re using Chrome or Gmail, we’ll proactively flag known deceptive sites, emails and links before you even click them, and Google Password Manager won’t autofill your credentials if it detects a fraudulent website. With the right security protections, which are set as default in Google products, less of the burden is on you.

“Avoid public Wi-Fi at all costs” The tech industry continues to make improvements to reduce security risks with public Wi-Fi, which has historically been the model for bad security practices. Websites using HTTPS provide secure connections using data encryption. Chrome offers HTTPS-First mode to prioritize those sites and makes it easy to identify protected pages with a lock icon in your web address bar. Use that as a signal for which websites to visit.

“Bluetooth is dangerous”: Bluetooth technology has come a long way since its inception. It’s far more advanced and harder to break into, especially in comparison with other technologies. However some people might still question whether Bluetooth, familiar as a pairing technology, is a secure method to help you sign in. After all, you’re used to seeing nearby devices like your phone or headphones show up on your laptop. But using current Bluetooth standards is very secure, and doesn’t actually involve pairing. It’s used to ensure your phone is near the device you’re signing in to, confirming it’s really you trying to access your account.

“Password managers are risky”: It might seem risky to entrust all your credentials in a single provider, but password managers are designed for security —and if you use ours, built directly into Chrome and Android, then you know it’s secure by default. Our research shows that 65% of people still reuse their credentials for various accounts, password managers solve that problem by creating new passwords for you and ensuring their strength. They’re also increasingly more secure, in fact, we recently launched a new on-device encryption for Google Password Manager, allowing you to keep your passwords more private and protected with your Google Account credentials before they’re sent to us for storage.

“Cybercriminals won’t waste their time targeting me”: You might not be a high-profile figure, but that doesn’t mean you’re not on cybercriminals’ radars. In fact, the everyday person is the perfect target for social engineering, which is when an attacker manipulates you into sharing personal information used for a cyber attack. Social engineers do this for a living and it’s a low cost, low effort way to reach their goals, especially in comparison to physically breaking technology or trying to target someone in the public eye. Protect yourself by being aware of social engineering and taking advantage of products that are secure by default like Gmail, Chrome, etc.

In with the new (digital spring cleaning)

Similar to how you clean out your garage each spring, we encourage you to spruce up your security. Get started with these tips and take a quick Security Checkup, which will guide you through protections that can instantly secure your Google Account.

• Use 2-Step Verification (2SV): 2SV requires a second form of verification to access your account beyond your password — which could be a code sent to your phone, security key, etc. So, if someone tries to access your account, they will have a much harder time because they’ll need your password and second form of verification. Apply 2SV to secure your Google Account today, which will also cover all the services you use Sign in with Google for, with a simple tap on your device.

• Use a Password Manager: Now that you know the truth about password managers, use one in addition to 2SV. Google Password Manager, built into Chrome and Android, will store your passwords, auto populate them for sites, create strong passwords, ensure they’re not entered into malicious sites, and alert you when they’re compromised.

• Setup Account Recovery: Things happen, we lose our phones, forget our passwords, etc., so it’s critical to have recovery in place to gain access to your account in the event you’re locked out. This is especially true since other accounts utilize your email as a recovery method, so by keeping your Google Account recoverable, you do so for your other accounts as well. We’re also working to eliminate more inactive accounts for the safety of our users, so if your account becomes inactive and we take action, recovery and 2SV enablement will ensure you don’t lose data. Add a recovery email and phone number to your accounts today and sign up for Inactive Account Manager in addition to 2SV.

• Install Updates: Finally, apply all those updates you’ve been putting off across your devices. Software updates often address critical security vulnerabilities, and with cyber threats on the rise, they’re more important than ever. Remember, there’s no IT team dedicated to maintaining your security like there may be at work, so it’s up to you to protect yourself at home. Take time to survey your mobile device, router, computer, etc., for updates.

We know security news will continue to flood your feeds today, but keep these tips in mind and freshen up your security this spring. For more security tips, and to learn about all the ways we make every day Safer with Google, visit ourSafety Center.

Mosquitoes aren’t just the peskiest creatures on Earth; they infect more than 700 million people a year with dangerous diseases like Zika, Malaria, Dengue Fever, and Yellow Fever. Prevention is the best protection, and stopping mosquito bites before they happen is a critical step.

SC Johnson — a leading developer and manufacturer of pest control products, consumer packaged goods, and other professional products — has an outsized impact in reducing the transmission of mosquito-borne diseases. That’s why Google Cloud was honored to team up with one of the company’s leading pest control brands, OFF!®, to develop a new publicly available, predictive model of when and where mosquito populations are emerging nationwide. 

As the planet warms and weather changes, OFF! noticed month-to-month and year-to-year fluctuations in consumer habits at a regional level, due to changes in mosquito populations. Because of these rapid changes, it’s difficult for people to know when to protect themselves. The OFF!Cast Mosquito Forecast™, built on Google Cloud and available today, will predict mosquito outbreaks across the United States, helping communities protect themselves from both the nuisance of mosquitoes and the dangers of mosquito-borne diseases — with the goal of expanding to other markets, like Brazil and Mexico, in the near future. 

With the OFF!Cast Mosquito Forecast™, anyone can get their local mosquito prediction as easily as a daily weather update. Powered by Google Cloud’s geospatial and data analytics technologies, OFF!Cast Mosquito Forecast is the world’s first public technology platform that predicts and shares mosquito abundance information. By applying data that is informed by the science of mosquito biology, OFF!Cast accurately predicts mosquito behavior and mosquito populations in specific geographical locations.

Starting today, anyone can easily explore OFF!Cast on a desktop or mobile device and get their local seven-day mosquito forecast for any zip code in the continental United States. People can also sign up to receive a weekly forecast. To make this forecasting tool as helpful as possible, OFF! modeled its user interface after popular weather apps, a familiar frame of reference for consumers.

The technology behind the OFF!Cast Mosquito Forecast

To create this first-of-its-kind forecast, OFF! stood up a secure and production-scale Google Cloud Platform environment and tapped into Google Earth Engine, our cloud-based geospatial analysis platform that combines satellite imagery and geospatial data with powerful computing to help people and organizations understand how the planet is changing. 

The OFF!Cast Mosquito Forecast is the result of multiple data sources coming together to provide consumers with an accurate view of mosquito activity. First, Google Earth Engine extracts billions of individual weather data points. Then, a scientific algorithm co-developed by the SC Johnson Center for Insect Science and Family Health and Climate Engine experts translates that weather data into relevant mosquito information. Finally, the collected information is put into the model and distilled into a color-coded, seven-day forecast of mosquito populations. The model is applied to the lifecycle of a mosquito, starting from when it lays eggs to when it could bite a human.

It takes an ecosystem to battle mosquitos

Over the past decade, academics, scientists and NGOs have used Google Earth Engine and its earth observation data to make meaningful progress on climate research, natural resource protection, carbon emissions reduction and other sustainability goals. It has made it possible for organizations to monitor global forest loss in near real-time and has helped more than 160 countries map and protect freshwater ecosystems. Google Earth Engine is now available in preview with Google Cloud for commercial use.

Our partner, Climate Engine, was a key player in helping make the OFF!Cast Mosquito Forecast a reality. Climate Engine is a scientist-led company that works with Google Cloud and our customers to accelerate and scale the use of Google Earth Engine, in addition to those of Google Cloud Storage and BigQuery, among other tools. With Climate Engine, OFF! integrated insect data from VectorBase, an organization that collects and counts mosquitoes and is funded by the U.S. National Institute of Allergy and Infectious Diseases.

The model powering the OFF!Cast Mosquito Forecast combines three inputs — knowledge of a mosquito’s lifecycle, detailed climate data inputs, and mosquito population counts from more than 5,000 locations provided by VectorBase. The model’s accuracy was validated against precise mosquito population data collected over six years from more than 33 million mosquitoes across 141 different species at more than 5,000 unique trapping locations.

A better understanding of entomology, especially things like degree days and how they affect mosquito populations, and helping communities take action is critically important to improving public health.

A version of this blogpost appeared on the Google Cloud blog.