Despite ever-evolving hacker tactics and industrial-strength brute-force break-in attempts, stronger security measures have reduced Gmail account takeovers by more than 99 percent, Google says.
The ebb in successful Gmail hijacks can be attributed to features users can see, such as two-step authentication, but also to behind-the-scenes features that Google uses to determine the authenticity of a Gmail sign-in attempt.
"Every time you sign in to Google ... our system performs a complex risk analysis to determine how likely it is that the sign-in really comes from you," wrote security engineer Mike Hearn on Google's official blog yesterday (Feb. 19). "In fact, there are more than 120 variables that can factor into how a decision is made."
With close to 300 million users, Gmail is the world's most popular email service. It comes as no surprise that Google's email offering is an attractive target for hackers across the spectrum — from Chinese spies to extortionists who steal private photos.
As hackers constantly find and exploit new ways to circumvent security measures, it can sometimes seem like a never-ending, uphill battle to keep them out.
"We've seen a single attacker using stolen passwords to attempt to break into a million different Google accounts every single day, for weeks at a time," Hearn wrote. "A different gang attempted sign-ins at a rate of more than 100 accounts per second."
Although many of Gmail's security measures are automatic — you probably don't even notice them — two-step authentication is not. It requires users to give Google their cellphone numbers so that special codes can be texted to them when they try to log into their Gmail accounts from unfamiliar computers.
Gmail may be one of the most secure email services available, but no amount of fancy security measures is a substitute for a strong password and a vigilant, skeptical eye when opening documents and clicking on links.