Google Hangouts and Security


Quiver

Okay. So. Uh.

 

I finally decided to get myself a gmail account, despite my general disdain for the omnipresence of the Google Overlord. 

 

Well, that's a bit harsh. The main reason I have against using google stuff is because of how much they demand personal info, like names.

 

I say "like names". Names are no problem. I don't think I've ever made an email address that used my real name...

 

But google has the added wrinkle of demanding a phone number, which bothers me. I don't want to give that out.

 

So... quick security question. I used my mobile to verify my google account so I could start using it. Do I need to tinker with settings to prevent people being able to phone my phone directly?

Link to comment
Share on other sites

Not that I know of.  I've certainly never had any trouble; I think they mostly use it for confirmation that you're a human.  Google hates spammers.

Edited by Kaymyth
Link to comment
Share on other sites

As far as I know, Kaymyth is right. The closest I've ever gotten to somebody actually calling me is using the voice call option for the Google Hangouts app, which is an optional download. Nobody ever uses that anyway. At least nobody in my social circles. It might be a good idea to run through the Google settings anyway to make sure that your privacy is as protected as you'd like it to be. I don't think they use your number for anything besides verification. 

Link to comment
Share on other sites

If you go to https://aboutme.google.com/ you will see all the personal info on your account that people can see when they look you up/you put them in your circles or whatever.

 

You can also go through their 'privacy check up' to look through everything that's available on you: https://myaccount.google.com/privacycheckup/1

 

Of probable interest to you will be in section 2 "Help people connect with you". This drives the phone number to google account interaction. Simply put, if someone has your phone number, and they try to contact you through a google service, it will auto-resolve the contact information to you. It won't go the other way around. You can turn this on or off.

 

So, for example, let's say your phone number is 555-555-5555. If you give me this number, but not your name or anything, and this number is tied to your google account, if I try to contact you through google voice/hangouts dialing, it will auto resolve to Quiver (or rather, your google account info name).

 

The google hangouts app is actually super awesome. If you tie your number in to google voice, you can use it to dial out on any device you can access hangouts on. For example, I can dial with my personal number out from any PC, my phone, my tablet, or many other devices. To the other person, it comes up just like a normal phone call.

 

There is also, of course, the video/voice chat that gtalk uses, but that's a separate thing, but tied in to hangouts as well.

Link to comment
Share on other sites

Thanks for the responses everyone..and since I already have your attention, may as well add this question here.

When I right click a file on my computer, it gives me an option to "Scan for virus". The file came from a google drive, but it was too large to view online or scan before downloading, so...

How good would a home computer virus scan be? And since I downloaded said file while logged onto sites, should I be changing passwords or deleting documents and stuff I was using/used?

Link to comment
Share on other sites

  • 2 months later...

Okay, supplementary question, same topic. Suppose I -accidentally- hit video chat. And hung up right away, but still...

Phone number. Is it now in the hands of some guy, y/n?

(I am so bad at technology. It makes being paranoid...difficult)

Link to comment
Share on other sites

1. The downloaded file from previous post. That is probably outdated but still. If you downloaded a file, but you didn't open/run it any way before scanning, then you should be fine. You don't need to change any passwords.

2. I don't use Hangouts, so can't help with that :(

If you like securing your internet stuff as much as you can, do you use two factor authentication for your gmail account? It's also available on many other sites like facebook and twitter.

Link to comment
Share on other sites

I'm not sure it's about securing but about being paranoid - the way Quiver talks about Google Overlord and not using his real name implies he doesn't want to give out his personal info to the web (question: why did you let Google know your phone number? The last I checked you don't need to do that - they keep bringing up pop-ups that I really should secure my gmail with phone number, but I ignore that. Is there a way to stop Google from trying to get my number? Some sort of "don't show that again"?).

I'll try to link a good guide to picking passwords - the policy the whole internet has (add number, uppercase character, special character, kanji, Norse Frostrune and Aon) is not really a good one.

Link to comment
Share on other sites

(question: why did you let Google know your phone number? The last I checked you don't need to do that - they keep bringing up pop-ups that I really should secure my gmail with phone number, but I ignore that. Is there a way to stop Google from trying to get my number? Some sort of "don't show that again"?).

See, I'll totally be unsurprised if I messed that up...but when I was setting up my account, it wouldn't let me do it without giving them a number, so they could send me something to verify it.

I dunno. I'm really bad with technology, so me having made a mistake somewhere really wouldn't surprise me...

Link to comment
Share on other sites

  • 3 weeks later...

For secure passwords, try stringing three or four dictionary words together. That's both more secure than including special symbols or numbers or capital letters, none of which actually increase the difficulty to crack the password more than a tiny bit, and it's easier to remember. I don't write my passwords and put them next to my computer - I draw them instead. Works great, makes them easy to remember, and no one can tell what my terrible artwork is supposed to be let alone realize that they're depictions of passwords.

 

EDIT: But just to be clear, the words you string together have to be random. I use a random word generator to create suggestions and pick one that I can draw easily. If you string together words from known phrases, like the names of famous people, movies, albums, bands, cleaning products, etc - it's extremely easy to crack. When forced to generate passwords with multiple dictionary words and/or names, studies show that people will generally make extremely insecure passwords that are easy to crack because the average computer user will still pick a common phrase, just like they'd pick a single common dictionary word if given no restrictions.

Edited by Nyali
Link to comment
Share on other sites

I once made a presentation named "Basic guide to Internet Safety". I don't know how to get a powerpoint file here, so I'll transcribe.
 

Strong passwords and why are you wrong about them:
Common recommendations for making „strong” passwords:

  • Adding a number
  • Uppercase letters
  • Replacing letters with symbols (eg. „o” with „0” or „a” with „4”)

But I thought that's a good idea?
The strength of the password depends on the number of all possible variations of such password: $V^k$ (where $V$ is the number of possible characters and $k$ is the length of the password).

  • Adding a digit multiplies by 10
  • Uppercasing a letter multiplies by 2
  • Replacing with symbol multiplies by 2 (given that there is a fixed substitution like in example above)
But adding a single additional character multiplies by 26.

So not a good idea after all.
Common "strong passwords": hard to remember, easy to guess. Example: Tr0ub4d0r&

Truly strong passwords: easy to remember, hard to guess. Example: rivertigerhappyborn

Choosing the password

So let's pick a few words and write them together. How to choose them?
Just remember the RULE:

  • Random: no sentences. They gotta be unrelated to each other. And they have to be truly random (more on that in Diceware section).
  • Unrelated: nothing personal. No dates, names or your favorite sports team name.
  • Long: not short. Well, it's not that all long passwords are strong, but none of the short ones are.
  • Exotic: no quotes. You can't pick a line from Hamlet, cause hackers check for the popular phrases.

Some math
  • 8 random characters. Let's be generous and pretend that every character can be uppercased, replaced with one of 32 symbols or one of 10 digits (but in fact most people add numbers and special characters at the beginning or at the end of the password. Nobody chooses "unbre414akable" as the password).
    So it's 26 (characters) + 26 (uppercase) + 32 (symbols) + 10 (digits) = 94 possibilities for every character in the password. (94 is the number of possible printable characters)
    $94^8 \approx 6 \times 10^{15}$
  • 4 random words [a-z] from the list of 20 000 most popular words.
    (NOTE: we're assuming the hacker KNOWS the method we used to create password. We outright told him we chose 4 of 20 000 most popular words)
    $20\,000^4 = 160 \times 10^{15}$

The second method, even if the hackers know we used it (and I don't see how he would know) is about 27 times better. But pick from a larger list and choose more words (at least five is recommended if you REALLY want to be safe - I use around 2 to 4, depending on the length. More in more important passwords, like bank account) and it goes exponentially better.

Diceware
  1. Roll the dice five times
  2. Use generated number to pick a word from word list
  3. Using that method, pick at least four words
  4. ???
  5. Profit: strong password easy to remember

Why can't we just open a dictionary and pick a random word? That's because humans are bad at choosing random. It's like asking people to choose a random number, you're gonna get a lot of 7s. Human opens a dictionary with eyes closed and stabs it with his finger and then changes his mind because he doesn't want this particular word or it's too long or too complicated or anything. So he chooses again. That's how the password gets A LOT weaker than it should be.
So, no rerolls.

Password reusage
  • Why is it dangerous? Because if somebody gets your password, he gets access to everything you have anywhere. Even if you make slight changes to it, like adding different numbers at the end, he will use the password he knows to crack the other ones and it'll be a breeze.
  • What can you do to avoid reusing the same password? Well, just don't do it!
  • Why is this question redundant?

Thanks for your attention.

P.S. Do NOT write the passwords down! What's the point of having strong password if you put it at the sticker at your desk?

Edited by Oversleep
Link to comment
Share on other sites
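
The Diceware steps and the search-space arithmetic from the post above, as an added Python example that is not part of the original post. The function names are this example's own, and the 7776-entry word list is a constructed stand-in built from syllables; a real Diceware list in the same "KEY WORD" line format is assumed for actual use.

```python
import math
import secrets
from itertools import product

DICE = 5                 # five rolls per word
KEYS = 6 ** DICE         # 7776 possible roll sequences

def roll_key():
    """Five fair die rolls from the OS CSPRNG, e.g. '41356'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE))

def parse_wordlist(text):
    """Parse 'KEY WORD' lines (key = five digits 1-6) into {key: word}."""
    words = {}
    for line in text.splitlines():
        parts = line.split()
        if (len(parts) == 2 and len(parts[0]) == DICE
                and set(parts[0]) <= set("123456")):
            words[parts[0]] = parts[1]
    return words

def passphrase(words, count=4, roll=roll_key):
    """One lookup per roll. No rerolls: every key drawn is used as-is."""
    if len(words) != KEYS:
        raise ValueError("word list must cover all %d dice keys" % KEYS)
    return "".join(words[roll()] for _ in range(count))

def search_space(pool, picks):
    """Candidates an attacker who knows the method must try: V^k."""
    return pool ** picks

def bits(pool, picks):
    """The same quantity expressed as bits of entropy."""
    return picks * math.log2(pool)

# Constructed stand-in list: each die face maps to one syllable per roll.
_SYL = ["ba", "do", "ki", "mu", "ne", "ra"]
CONSTRUCTED_LIST = "\n".join(
    "".join(k) + " " + "".join(_SYL[int(d) - 1] for d in k)
    for k in product("123456", repeat=DICE))

if __name__ == "__main__":
    print(passphrase(parse_wordlist(CONSTRUCTED_LIST), count=5))
    for label, pool, picks in [("8 printable characters", 94, 8),
                               ("4 of 20 000 words", 20000, 4),
                               ("4 Diceware words", KEYS, 4),
                               ("5 Diceware words", KEYS, 5)]:
        print(f"{label:24} {search_space(pool, picks):.2e} "
              f"({bits(pool, picks):.1f} bits)")
```

With a 7776-word list, four words give a slightly smaller search space than eight random printable characters, and the fifth word is what moves it well past.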

Since most sites and software requires caps and symbols, I'd just mix them in between the words where they'll be memorable. If this was to be your password otherwise: whiskytangofoxtrot (which would be a terrible password, but just as an example), make it Whisky!Tango2Foxtrot, if it requires all of those types. Note that the 2 is after the second word, so I'd do that every time I used a number. The alternative is to replace a letter with a number, like replacing A with 4. Just have to do one you'll easily remember, hopefully either consistent among your passwords or that somehow matches the password, to reduce the need to write it down.

jW

Link to comment
Share on other sites

If a site requires uppercase, numbers, or symbols, I use a normal multi-word password and then put A1! at the end. Sure, it doesn't make the password more secure, but a properly generated multiword password is already far more secure than a single word with letters capitalized, replaced by numbers, or replaced by symbols.

 

 

I still stand by my drawing my work password at my desk thing. But, I also change that password constantly, and it's impossible for anyone but me to tell which drawing is my current password, and I make sure not to throw away the old drawings.

Link to comment
Share on other sites
