Personal Blog

Critical Security Issues Found

What!!?? I did a routine check on my personal Google account and found a somewhat alarming warning. The alert said, “Critical security issues found”. Underneath that text was a link marked “Take Action”.  Clicking that button brought me to the Password Checkup section of my Google Account. Up until then I was not overly worried. Then I read that Google had found 103 compromised passwords, 570 reused passwords (which is usually not a good idea) and 516 accounts using a weak password.

Password Checkup
Password Checkup Screen in Google

A few of the compromised passwords were found in a data breach uncovered just a few days ago, while others date back several months. Some of the compromised passwords are what I would regard as low risk. These include trade magazine and online forums, event registration sites, and product sites I had signed up for with a generic username and password to get research information. Certain of the compromised sites are of greater concern including commerce sites and online applications. To make it a bit more complicated, several of the passwords indicated are related to my personal activity and others to my work. Obviously as a conscientious employee I believe my responsibility is to address the work-related password issues immediately.

Fortunately, Google makes it uncomplicated to see which usernames are used on the compromised sites, so I am able to prioritize work related issues. Logging in to the affected sites and updating passwords may not be as easy as it seems. The first work related manufacturer site did not recognize my username, which logically is my work email address. Selecting the “forgot your password” link displayed a promise that a link would be sent to my inbox, but alas it has still not arrived.  The second site related to my employer has a shared log in and will involve both the Marketing and Purchasing departments here. I requested a new log in and informed my co-workers of the issue.

I am not as worried about identity theft as I am about the time it takes to update the information. With so many variables involved fixing each individual password issue, the process could take anywhere from a minute, to as much as a quarter hour or more. Meanwhile there are deadlines, and projects to move forward. Although I am happy the information is uncovered, this will probably take longer than I would want.  

 Click on the link below for a Google Help page called “Change unsafe passwords in your Google Account”

Update I have addressed most of the serious issues but still not completely done. Dang this stuff takes time!