Google Steps Up GMail Security

Google has announced two new security measures for its Gmail service: a partnership with eBay and PayPal to reduce phishing attacks, and a tool to warn users if somebody may have illicitly accessed their mailbox.

The firm has teamed up with the auction and money transfer sites because they are two of the most common targets for phishing, a technique where hackers send emails that appear to be from the company and include links to bogus sites in the hope of capturing user names and passwords.

Gmail already highlights potentially suspicious emails with a red box and removes any links those messages contain. They've also previously adopted the DomainKeys technology, a scheme developed by Yahoo by which major firms can attach an encrypted 'stamp' to emails. Email companies can then check the keys against a register of which stamps are allocated to which firms.

The system only works if firms use their keys on every message, which is what eBay and PayPal have now agreed to do. The result is that Gmail will now simply delete any message claiming to be from either firm that doesn't have the correct key. (Source: blogspot.com)

Google's also reducing another security risk. Because it's a web-based service, it's possible to be logged on to a Gmail account from more than one device at a time, for example a home computer and a smart phone, if the user doesn't log out properly. (Source: betanews.com)

The search engine is also introducing a tool which gives users a list of which computers have accessed their accounts and at what time. This should mean users can spot any suspicious activity. They'll even have the ability to automatically disconnect anyone on any machine who is accessing their account at that moment.

It's unclear if this is a sign of initiative on the behalf of Google, or if it's a deliberate attempt to put recent controversy about the prominence of its privacy policy behind it.