CATEGORIES
home News

Google Admits Some G Suite Passwords Have Been Stored In Plaintext Since 2005

by Shane McGlaunWednesday, May 22, 2019, 08:15 AM EDT

Google has announced that it has begun to notify administrators about how some passwords were inappropriately stored on its servers. Google says that its policy is to store user passwords with cryptographic hashes that mask passwords to ensure their security. However, Google recently notified a subset of its enterprise G Suite customers that some of the passwords had been stored in encrypted internal systems without hashes.

gsuite

Google notes that the issue affects business users only and that no free consumer accounts were affected. Google says that it is working with enterprise administrators of organizations that were affected to ensure that users reset their passwords. The search giant has conducted a "thorough investigation" and found no evidence that the unhashed passwords were ever misused.

Google talks a bit about how it normally stores passwords saying that instead of remembering the exact characters of the password; it scrambles the password using a hash function to make it different than what the real password is. The hashed password is stored with the username in its systems. Google says that it's simple to hash passwords but nearly impossible to unhash them and steal the password.

Google previously provided domain administrators with a tool to set and recover passwords after the feature was commonly requested. It notes that the functionality to recover passwords no longer exists. Google made an error when the functionality was implemented in 2005, and the admin console was storing an unhashed password. While the practice didn't live up to Google standards, the passwords remained in the secure encrypted infrastructure. The issue has now been fixed.

Google also admits that in January of 2019, it inadvertently stored a subset of unhashed passwords in its secure encrypted infrastructure for a maximum of 14 days. That issue has also been fixed, and Google notes that security audits will continue to ensure that the problem was an isolated incident. Google has notified G Suite Admins to change impacted passwords, but it has also reset accounts that have not done so themselves. Google also apologized to users and promised to do better.

Tags:  Google, security, (nasdaq:goog), g suite
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment