Today marks the day when Google makes good on its new policy to reserve the right to delete inactive accounts after two years of inactivity. The company defines activity as “actions you take when you sign in or while you’re signed in to your Google Account”:
Reading or sending an email
Using Google Drive
Watching a YouTube video
Sharing a photo
Downloading an app
Using Google Search
Using Sign in with Google to sign in to a third-party app or service
The move has been largely praised by cybersecurity experts, as Patrick Tiquet, VP of security & compliance at Keeper Security noted:
“Inactive accounts can present significant cybersecurity risks, as these accounts may retain weak or unchanged passwords, creating vulnerabilities for unauthorised access and potential misuse by cybercriminals for phishing attacks or data exposure.”
And Colin Little, security engineer at Centripetal agreed:
In any digital environment, inactive “clutter” equates to some level of risk. Inactive and legacy email accounts in particular are at higher risk since many are likely before the time of MFA, geo-location profiles, and other contemporary security controls. Therefore, if an inactive and legacy account suddenly becomes active, not only is the original user of that account unaware but Google themselves have no way of knowing if that activity is the authorised user or an unauthorised user abusing that account. Furthermore, because these inactive accounts predate contemporary security controls, Google has no mechanism by which to stop unauthorised access. Since it’s common for user email addresses to be used to sign up for third-party services, and those third party services to be breached and have email/password combinations stole ..
Support the originator by clicking the read the rest link below.