So how do Google's super-smart security folk protect their data?

It's a question that occurs to many of us: if digital security is such a minefield, how do you keep your personal data safe? One person who knows about the risks is Adam Langley. As a security engineer at Google, he makes key decisions about how your data is spread around the internet. He also has access to systems that would …

  1. oldtaku Silver badge

    Yes, password manager

    This jibes with other studies that the more you actually know about security the more you're likely to use a password manager and generate huge random passwords for each site. See https://www.schneier.com/blog/archives/2014/09/security_of_pas.html , http://www.theguardian.com/technology/2015/jul/27/security-experts-keep-safe-online-password-manager-seven-things , etc. Even a text file qualifies as long as you're using really random long passwords.

    But there's still a substantial group of Dunning-Kruger types who know just enough about security to be dangerous and think they're smarter than that and come up with bizarre password or phrase generation schemes. I know one of them. He has to use password reset quite frequently because his algorithm is so clevar he can't reproduce the passwords reliably. Or maybe that's a feature! Also fairly sure if I got one of his plaintext passwords I could figure out the basic scheme... Except for the too clever by half bit.

    1. JeffyPoooh

      Re: Yes, password manager

      Pointless. All your passwords are listed here...

      https://libraryofbabel.info/

      (Well, unless you use uppercase or numbers...)

    2. Paul Crawford Silver badge

      Re: Yes, password manager

      A password manager is a great idea - except when it's web based, as you don't control that. Oh and of course if it is software on your machine, and your machine is pw0ned and you have not realised it. Or you have to use another's machine, which may be pw0ned.

      Convenience trumps security each time. Probably what we should be going for is a more universal 2FA system so you have one physically isolated dongle-like random number generator that you can register with your password, so gaining access to one or the other is not enough.

      1. oldtaku Silver badge

        Re: Yes, password manager

        Nah, in practice the benefits of a password manager generating unique long random passwords still beats anything else. In theory, yes, if anyone pwns you and cares enough to dig into your individual files, you're f@#$ed, but the odds are still way better. Unless you're a real target, nobody even cares that much - Russians have much easier prey.

        But I totally agree I'd like 2FA for every single login. That'd moot a lot of it.

        1. JakeMS

          Re: Yes, password manager

          I myself use a password manager, and like the Googler man, I use unique passwords on all websites.

          Now some serious things to take into consideration when picking a manager is "Where is my password database?" and "What extra step of security can I add?"

          Personally I'm not a big fan of the idea of having my entire password database on someone else's server.. but at the same time I need to be able to access said passwords from multiple devices.

          So some cloud is going to have to be used somewhere, in my case I picked dropbox as my database is fully encrypted.

          So what extra security? I use a "keyfile" which is only available on one very special memory-stick, this memory stick is also encrypted with LUKS and is mounted quick and hard when I need to access the DB and unmounted immediately after the DB is unlocked as such even if you get my lame human generated password for my password manager you cannot get in without the keyfile which is never copied anywhere else except that very special and very talented memory stick.

          I prefer it this way, and it is why I use KeePassX as it's portable, supports this feature and cannot be simply read as a plain text file like some other managers.

          1. Tim Brown 1

            Re: Yes, password manager

            If your keyfile is never copied anywhere and only kept on the memory stick, I'm assuming you actually have two very special memory sticks? One kept somewhere very safe? Otherwise what happens if the memory stick dies?

            1. JakeMS

              Re: Yes, password manager

              I lose access to all my passwords and spend the next week using password recovery forms and trying to remember websites :-).

              Wait no, can't do that as I would need access to my email account, and to do that I'd need access to my password DB. Hmm.

              ... I'm off to make a backup of that key file ...

      2. streaky

        Re: Yes, password manager

        More universal - I mean really everybody should be getting behind U2F. The devices are cheap and easy to use and the principle is sound. Still strong passwords though.

    3. Michael Wojcik Silver badge

      Re: Yes, password manager

      the more you actually know about security the more you're likely to use a password manager and generate huge random passwords for each site

      If you actually know something about security, it's quite probable you won't "generate huge random passwords for each site", because chances are excellent that many of the domains for which you need user credentials don't meet the requirements for a "huge random password" under any reasonable threat model.

      And password managers have a number of bad failure modes. Under many threat models they still offer a net advantage, but claiming that they're always a good idea is naive.

  2. Anonymous Coward

    Hmmm

    NSA engineers were not miles ahead of their own efforts

    They don't need to be miles ahead. Just ahead will suffice.

    1. bazza Silver badge

      Re: Hmmm

      What does he mean by ahead anyway? Google get to read all our data anyway, it's no surprise that they're ahead of the NSA!

      Also, it's not exactly a great advert for Android for work if Google's own security bod doesn't rely on it for his company email on his mobile. If it's not good enough for him, how is it meant to be good enough for us?

      1. Hans 1

        Re: Hmmm

        >Also, it's not exactly a great advert for Android for work if Google's own security bod doesn't rely on it for his company email on his mobile. If it's not good enough for him, how is it meant to be good enough for us?

        In which cave have you been for the past 5 years? Windows dwPhoneMobile, iOS, Android cloud-based BS are all inherently insecure ... I have been writing it on here for years, "The World won't Listen". Repeat after me, "I shall not store sensitive data on the cloud". On these platforms, your data will end up on the cloud, whether you like it or not, unless you are REALLY, REALLY, REALLY careful, and even then, no guarantee.

        Worse, all three leave you open to phishing because you have no control of what apps can or can't do, no choice.

        Here in BB10 world we disable privileges we do not want to give the app. If you think your data is secure on your phone when you have whatsapp YOU SHOULD JUST JUMP OUT OF A WINDOW FROM A VERY TALL BUILDING, the human genome has enough cretins already (just look at the number of whatsapp users). Same for facebook, google+ you name it ...

        Those are THE problems and until they fix them, I will stay with BB10.

        1. Paul Shirley

          Re: Hmmm

          @Hans 1

          You understate the problem. Your data is effectively only as secure as the physical security of the device holding it. For a phone, that's 0% secure. They're easy to lose, easy to steal and there's a non-zero chance of being snatched while powered up and logged in.

          Store nothing on one you can't afford to lose.

          ...not that I'm claiming your PC is much more safe. I let mine have unimportant passwords only. I am beginning to hate 2 factor authentication though :(

      2. vortexvortex

        Re: Hmmm

        As long as mobile phones allow SIM cards owned by 3rd parties to control the device hardware (trumping the processor and OS), then caution should be exercised.

    2. streaky

      Re: Hmmm

      Ahead.

      I mean, really, this. Bet it wasn't mentioned nor was it stated any steps to get them out their data.

      You don't need to be ahead when people are passing data around in the clear.

  3. Chris Harden

    "If you don't want it known don't use the phone"

    People forgot that somewhere.

    Aside from the firefox guy, maybe he read another meaning in to it though!

  4. oneeye

    I wanted to know what head of Android security Andrew Ludwig does,...besides lying to us about how secure these operating systems really are!

    1. This post has been deleted by its author

      1. Kevin McMurtrie Silver badge

        The irony is that Google Marshmallow considers rooted phones to be insecure, even though that's the only way to receive security patches quickly.

  5. Stuart Halliday

    So, basically what any decent IT bod should be doing? Gee... Hardly headline stuff then.

    1. This post has been deleted by its author

    2. VinceH

      Yeah, when I read "So how does Adam make sure he's not taken for a ride? Not how you'd think" I was expecting some amazing revelation in the next sentence... rather than his approach being largely similar to mine.

  6. Anonymous Coward

    And sharing data? He keeps it off his phone

    Listen to the Google Man, he should know.

  7. Anonymous Coward

    So , let me get this straight..

    .. we're supposed to share all our data with Google, unless we work there?

    Why does that sound familiar?

  8. Anonymous Coward

    Post-it Notes sales surge.

    >and I use a lot of paper. There's some things I don't put into electrons at all.

    Yellow post-it notes in the top drawer, just like my users have been doing for years, excellent.

    1. billse10

      Re: Post-it Notes sales surge.

      current Private Eye, p11: "unlimited Post-It notes" .. recent claims .. civil servants are writing sensitive information on Post-Its to avoid being caught by Freedom of Information requests?

      1. 0765794e08

        Re: Post-it Notes sales surge.

        This age old saying can be applied to the ‘Post-it’ note situation: "It’s not what you’ve got, it’s where you put it…"

  9. 0765794e08

    Strong password? Denied!

    It’s all rather academic if the service you're using limits your account password to 6-8 characters.

    And yes, I’m looking squarely at you, UK National Savings & Investments (www.nsandi.com). For Pete’s sake, get rid of that creaking Univac or whatever it is you’re using, and get your systems up to date.

    1. Michael Wojcik Silver badge

      Re: Strong password? Denied!

      get rid of that creaking Univac or whatever it is you’re using, and get your systems up to date

      That's not necessary to fix the short-password problem, as I noted back in 2014 regarding Schwab's equally brain-dead site. Let the front end web server accept long passphrases and hash them with a cryptographic digest.[1] Taking the full alphabet allowed for passwords by the backend system, use the 8 characters available for passwords on the backend system as an 8-digit number in radix N, where N is the alphabet size. Fold the hash output as necessary until it fits in that range, then express it using the alphabet.

      That still only gives you an 8-byte password, but it uses the full range of values without bias. If the backend system allows, say, English letters with case distinction and numerals, that's over 47 bits of password - large enough under most online attacks. And an attacker going against the front end either has to guess the correct long passphrase or find a collision, which requires on average ~2^46 attempts.[2]

      There's no reason why any organization of means, regardless of what back end it has hiding behind that website, can't implement this. It doesn't require any changes to the back-end system - it's all done on the web page - except for password updates, which can be handled transparently.

      Alternatively, generate an unbiased random 8-character password from the available space on the back end system, encrypt it with the user's long passphrase, and store the encrypted backend password. That's a bit less elegant (requires an additional O(1) storage) but is equally straightforward.

      [1] Any will do here, because we're going to be compressing and losing entropy, and preimage collision attacks against e.g. MD5 are irrelevant in this use case.

      [2] Note the Birthday Paradox doesn't apply here, as the attacker can't choose both preimages.
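The hash-and-fold scheme in the comment above, written out as an added example that is not from the original post or from any real site's front end. It assumes a hypothetical backend that accepts 8 characters from a 62-symbol alphabet (upper, lower, digits); the optional per-account salt is an addition beyond what the comment describes, so that two users sharing a passphrase do not end up with the same backend password.

```python
import hashlib
import math

# Alphabet the hypothetical backend accepts: upper, lower, digits (N = 62).
BACKEND_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
BACKEND_LEN = 8  # characters the backend allows


def derive_backend_password(passphrase: str, salt: str = "",
                            alphabet: str = BACKEND_ALPHABET,
                            length: int = BACKEND_LEN) -> str:
    """Map an arbitrary-length passphrase to a fixed-length backend password.

    1. Hash the passphrase (plus an optional per-account salt, an addition
       beyond the original comment) with a cryptographic digest.
    2. Fold the 256-bit digest into the range [0, N**length) by treating it
       as an integer and reducing it modulo N**length.
    3. Write that integer as a fixed-width base-N number over the alphabet.
    """
    n = len(alphabet)
    space = n ** length                       # 62**8 is about 2**47.6
    data = (salt + "\x00" + passphrase).encode("utf-8")
    digest = hashlib.sha256(data).digest()
    # Folding by modulo: 2**256 is so much larger than 62**8 that the
    # resulting bias is on the order of 2**-208, i.e. negligible.
    value = int.from_bytes(digest, "big") % space
    chars = []
    for _ in range(length):
        value, r = divmod(value, n)
        chars.append(alphabet[r])
    return "".join(reversed(chars))           # always exactly `length` chars


def backend_entropy_bits(alphabet: str = BACKEND_ALPHABET,
                         length: int = BACKEND_LEN) -> float:
    """Bits of entropy the backend space can hold: length * log2(N)."""
    return length * math.log2(len(alphabet))


if __name__ == "__main__":
    pw = derive_backend_password("correct horse battery staple", salt="user42")
    print(pw, f"{backend_entropy_bits():.2f} bits")
```

The derived value is what the web front end would submit to the legacy backend on the user's behalf; the user only ever types the long passphrase.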

  10. Colin 29

    Pasting not allowed

    Password managers are a good idea but there seems to be a recent trend to prevent pasting into password fields that makes them difficult to use. For example I reset my ebay password the other day (I know, I know!) and had to use Firebug to turn off javascript for the page so I could paste the strong password generated by KeePass. 99% of users would have given up and used Password1.

  11. pompurin

    I've been using a YubiKey and LastPass for the last two years. Each website has a randomly generated password which I don't know. I only know the master password for LastPass which is sufficiently long enough.

    They're a bit of an inconvenience at times, but since phones now come with NFC you can log into LastPass on your phone using 2FA as well. Some websites allow 2FA and some don't. I use it with Gmail b

    I know some people will scowl at the use of LastPass, but it has proven effective over time.

  12. Dabooka

    Am I the only one

    who chuckled at him being called Langley?

    '.....it was clear the NSA was much more aggressive than I would have assumed," said Langley' has more than one meaning

  13. tony2heads

    sensitive data

    I have a password gorilla look after it
