Friday, October 21, 2011

Maintaining YouTube Account Security


It’s always a good time for a reminder on account security, right? We thought we’d take a moment to remind you of the things you can do to better protect your Google Account. This is especially important to Partners, because your account log-in holds the key to your YouTube channel.

Stay one step ahead of the bad guys
Account hijackers prey on the habits of the average Internet user. Understanding common hijacking techniques and using better security practices will help you stay one step ahead of them.

The most common ways hijackers can get access to your password are:
  • Password re-use: You sign up for an account on a third-party site with your Google username and password. If that site is hacked and your sign-in information is discovered, the hijacker has easy access to your Google Account.
  • Malware: You use a computer with infected software that is designed to steal your passwords as you type (“keylogging”) or grab them from your browser’s cache data.
  • Phishing: You respond to a website, email, or phone call that claims to come from a legitimate organization and asks for your username and password.
  • Brute force: You use a password that’s easy to guess, like your first or last name plus your birth date (“Laura1968”), or you provide an answer to a secret question that’s common and therefore easy to guess, like “pizza” for “What is your favorite food?”
As you can see, hijackers have many tactics for stealing your password, and it’s important to be aware of all of them.

Take control of your account security across the web
Online accounts that share passwords are like a line of dominoes: When one falls, it doesn’t take much for the others to fall, too. This is why you should choose unique passwords for important accounts like your Google Account, your bank, commerce sites, and social networking sites.

Choosing a unique password is not enough to secure your Google Account against every possible threat. That’s why we’ve created an easy-to-use checklist to help you secure your computer, browser, Gmail, and Google Account. We encourage you to go through the entire checklist, but want to highlight these tips:
  • Never re-use passwords for your important accounts like online banking, email, social networking, and commerce.
  • Enroll in 2-step verification. 2-step verification adds an extra layer of security to your account by requiring you to sign in with something you know (your password) and something you have (a code sent to your phone). To turn on 2-step verification, follow the instructions on the 2-step verification setup page.
  • Change your password periodically, and be sure to do so for important accounts whenever you suspect one of them may have been at risk. Don’t just change your password by a few letters or numbers (“Aquarius5” to “Aquarius6”); change the combination of letters and numbers to something unique each time.
  • Never respond to messages, non-Google websites, or phone calls asking for your Google username or password; a legitimate organization will not ask you for this type of information. Report these messages to us so we can take action. If you responded and can no longer access your account, visit our account recovery page.
Remember, YouTube will never send an unsolicited message asking for a password or other sensitive information by email or through a link.

The YouTube Team