Wednesday, September 26, 2007

how to partition your google identity

with all the reports lately of vulnerabilities in google i suppose it's time again for me to talk about how you can mitigate the threat these vulnerabilities pose to gmail users...

i last wrote about this subject at the beginning of the year when a similar vulnerability was in the news, and i've also made my feelings on single sign-on and federated identity (the direction identity management seems to be going these days) pretty clear... these google vulnerabilities and those that came before illustrate the problem - the 'one account to rule them all' approach creates a hugely valuable (to attackers) online identity and single sign-on integration between web applications (like that which google or microsoft or any number of other players provide) makes it that much harder to mitigate vulnerabilities by following advice like "log out of gmail"...

so what if you're like me? what if you use more google apps than just gmail? what if you use blogger for example, or google reader, or google notebook, or google groups, etc... if you're like most people you use the same google account for all of them - your gmail account... it's convenient, you only need to remember one username and password, and when you visit an exploit page while still logged in to one of these other google web applications your gmail account gets pwned because logging into one logs into all...

now, of course you could always hope google fixes these problems before you get caught, or use tools like the noscript firefox extension that should be able to help most of the time, but you might not realize (as some security folks hadn't) that you can also use a non-gmail google account for those web applications... then, not only is it easier to stay logged out of gmail while using the other web applications, logging into the account used for those other applications will actually force you to log out of your gmail account...
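to make the session behaviour concrete, here is a small model (an added example, not code from the original post; every account name and application name in it is constructed) of the two setups described above: one shared session that every google web application honours, where logging in to a second account replaces the first, and a check of which applications a request riding that session could reach:

```python
"""Toy model of the single-sign-on exposure discussed in the post.
Added example; all account and app names are constructed for illustration."""
from typing import Dict, Optional, Set


class Browser:
    """One browser with one google-style session shared by every app.

    Logging in to another account replaces the session, which is the
    'logging into the other account forces you out of gmail' effect.
    """

    def __init__(self) -> None:
        self.session: Optional[str] = None

    def login(self, account: str) -> None:
        self.session = account

    def logout(self) -> None:
        self.session = None


def exposed_apps(browser: Browser, ownership: Dict[str, str]) -> Set[str]:
    """Apps whose data a request riding the current session could reach.

    ownership maps app name -> the account that holds your data in that app.
    A request from a hostile page carries the session cookie, so every app
    whose data belongs to the logged-in account is within reach.
    """
    if browser.session is None:
        return set()
    return {app for app, owner in ownership.items() if owner == browser.session}


# Setup 1: the same gmail account is used for everything (constructed).
SHARED = {"gmail": "me@gmail", "reader": "me@gmail", "blogger": "me@gmail"}

# Setup 2: gmail is partitioned from the other web applications (constructed).
PARTITIONED = {
    "gmail": "me@gmail",
    "reader": "other@example.com",
    "blogger": "other@example.com",
}


def blast_radius(ownership: Dict[str, str], *logins: str) -> Set[str]:
    """Log in to each account in turn (later logins replace earlier ones)
    and return the apps still reachable through the resulting session."""
    browser = Browser()
    for account in logins:
        browser.login(account)
    return exposed_apps(browser, ownership)
```

with the shared setup, being logged in to reader exposes gmail as well; with the partitioned setup, logging in to the reader account displaces the gmail session and only reader and blogger remain reachable.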

it's really quite simple:
  1. just head over to the google accounts page and create a new account using whatever non-gmail email address you want and presto - you have a non-gmail google account...
  2. you probably already have data on those other google web applications though but that's not a problem because many of them have ways of sharing that data with other users (ex. google reader exports opml files that can be imported to a different google reader account, google docs and spreadsheets can be shared directly with another account, blogger lets you add a different account as the blog administrator, etc)... those sharing facilities can make it easy to migrate that data from your gmail account to your non-gmail google account...
  3. then all you have to worry about is remembering another username and password, or do you? i don't, i just use passwordsafe, then i only have to remember the master password and it works across all websites - even entering the username and password for me with the press of a key... in fact, password managers like passwordsafe work outside of the web too, for virtually any windows application that takes a username and password...

now you may have noticed i only described separating your gmail identity from your other google web application accounts - this is because right now gmail seems to be by far the most interesting target for attack (everyone seems to want your contact list or your emails)... you could just as easily have a different google account for each and every web application you use without having to remember anything extra if you feel your data or identity in the other applications warrant similar protection through compartmentalization...
