Unencrypted passwords for 14 years land Google in soup

Here’s a difficult day for Google. It disclosed that there were passwords stored in plain text for nearly fourteen years. Google says that the flaw was caused by a bug that has been around since 2005 and “some” G Suite users were affected as their passwords were left unencrypted. So far, Google hasn’t found any substantial evidence of improper password use of these users.

When it comes to password security, Google has a policy of storing them in cryptographic hashes that cover up the password’s plain text. However, it’s now been discovered that it was left in plain text for fourteen years. G Suite administrators were notified about the issue and affected users were asked to reset their passwords.

“This is a G Suite issue that affects business users only–no free consumer Google accounts were affected–and we are working with enterprise administrators to ensure that their users reset their passwords,” Google said in its blog post notifying the G Suite administrators. “We have been conducting a thorough investigation and have seen no evidence of improper access to or misuse of the affected G Suite credentials.”

As an extra sign of security, Google also said it’ll reset the passwords of those G Suite users who haven’t changed their passwords yet. Google also said: “In addition, we provide G Suite administrators with numerous 2-step verification (2SV) options, including Security Keys, which Google relies upon for its own employee accounts.”