Published: Thu, May 23, 2019
Tech | By Constance Martin

Google Failed To Fully Secure G Suite Passwords For 14 Years


This second batch of unhashed passwords was only stored on disk for 14 days, minimizing the bug's impact, and Google said it also didn't see any signs of abuse or improper access for passwords associated with this second bug.

While that implementation method has since been abandoned, Google also said that its investigation into the password problem revealed that some G Suite passwords were also temporarily stored in plaintext since January.

Case in point: Google's announcement on Tuesday that it stored the passwords of some G Suite users in plain text from 2005 to 2019.

Google warned that a glitch in how it implemented password recovery saw some G Suite user passwords kept in plaintext within its infrastructure. At that time, the admin console of enterprise accounts stored a copy of unhashed passwords.

Google has revealed it had left some business users' passwords exposed in plain text.

There was no indication that any of the passwords were misused, Google said, which means resetting the accounts would mostly be a precautionary measure.

STRANGER THINGS: Fans divided over Stranger Things latest raunchy season 3 teaser
In anticipation of the new series, Netflix has released a new clip featuring one of these new characters. It was the summer of '85, and when you talk about pop culture moments, New Coke was a really big deal.

The company said it has contacted G Suite administrators to change those impacted passwords, and has reset passwords for those users who have not done so already.

Hashing is a useful technique in cryptography that allows Google to give you access to your accounts without knowing your password.

The blog post read: "To be clear, these passwords remained in our secure encrypted infrastructure".

Google is the latest tech giant to announce an issue with unhashed passwords stored on its internal servers.

Google said the issue only affected its business customers, so consumers shouldn't have to rush to change their passwords.

"We take the security of our enterprise customers extremely seriously, and pride ourselves in advancing the industry's best practices for account security", said Google.

Like this: