Is It Safe to Store Sensitive Data like Passwords on Google Drive?

You must have heard people around you talking about Google Drive, Google's cloud storage service, or you are one of 800 million users who store their passwords, photos, videos, documents, and other important files on its servers already. However, it would be very naïve to expect that all users are familiar with Google Drive when there are so many other top-notch cloud storage and file-sharing services available. If the combination of two words – Google Drive – does not say much to you too, catch a brief explanation.

Can you tell me what Google Drive is? Sure! Here we go

The most basic way to describe this service is to say that it is an online cabinet where thousands of private files, including passwords, can be stored beyond the physical drive's limits. By uploading files to Google Drive, users free up a considerable amount of disk space, but it is not the only reason it is the primary choice of 17.2% of all users using cloud services. It has turned out that a bunch of people using this service have consciously chosen it over similar cloud-based services due to such useful tools as Google Docs, Sheets, and Slides it encompasses. In other words, it is not just a place to store things; it is a place to create things too. Another good thing about Google Drive is that it can be easily reached from several different devices, including tablets, smartphones, and computers, which means that uploaded files can be accessed and even shared with other people with a few clicks from anywhere in the world. Not bad, huh?

How my files are uploaded to Google Drive?

  1. Right before files leave your computer, they are all encrypted using the TLS standard to ensure communication security.
  2. When selected files reach Google, they get decrypted and then immediately re-encrypted using 128-bit AES encryption. Technically, this happens before data is uploaded to prevent the possible data leakage.
  3. AES keys that were used to encrypt data are encrypted with a set of master keys themselves. This adds an additional layer of security.
  4. The process is reversed when the user's device tries to access data on Google Drive.

Are my files safe on Google Drive?

Google Drive has been developed to provide the highest security and privacy possible, but even the most experienced specialists working at Google cannot eliminate the biggest security flaw: the human error. In other words, careless users' actions and habits, for instance, sharing Google account password with random people might lead straight to security and privacy-related problems no matter how hard Google tries to provide its users with top-notch protection; so, unfortunately, we cannot guarantee that those personal files you have uploaded are 100% safe.

Google Drive is one of Google services, as you are probably aware. It means that it is tied to your Google account. If you do not keep your Google password safe and your account gets hacked, cyber criminals could access files uploaded to Google Drive easily too. To put it another way, your files on Google Drive are safe as long as your Google Account is secure. Keeping Google account password safe means that you cannot leave it lying around written on a piece of paper because it is only a question of time when unauthorized people will get their hands on it. Of course, we do not expect you to memorize all your passwords and logins (to our surprise, an average person has 90 online accounts), but, instead, we highly recommend that you use a trusted password manager like Cyclonis Password Manager to keep your Google password safe. Unlike ordinary password managers, Cyclonis encrypts passwords using AES-256 and keeps them all in a secure vault, making it impossible for cyber criminals to access them. You will not need to enter your password each time you log into your account too because the password manager will do it for you.

It is not the best idea to keep sensitive data like passwords on Google Drive also because you are always logged in to your Google account on at least one of your devices, e.g. your computer or your phone. In case one of the devices used is lost of left unattended, it will be very easy for someone else to access those personal files uploaded to Google Drive no matter how hard you try to hide them from prying eyes. Unauthorized people could access other services (e.g. YouTube) you log into using your Google account credentials without difficulty as well.

Files uploaded to Google Drive should stay secure if your Google password is safe and hackers cannot log into your account, so the first thing you should do after you read this article is set a secure password to make your account hack-proof. A secure password consists of no less than 14 characters with a mix of uppercase and lowercase letters plus numbers, symbols, and special characters. A secure password can be generated with a trusted password manager like Cyclonis, so you do not need to invent one yourself. Strong passwords are usually hard to remember, but it is not a problem for those who use password managers.

As the May 2017 scam that involved millions of Google Drive users has shown, cyber criminals still actively use social engineering attacks to hack people's accounts, so do not fall prey to new phishing scams that are expected to rocket in 2018. Since Google accounts are still on hackers' hit list, it would be a pure lie if we told you that you could ensure 100% safety of your passwords by keeping them uploaded on Google Drive.

What about my privacy?

There is one more thing you need to take into consideration before uploading your passwords to Google Drive. By uploading any files, you will automatically give Google permission to scan and analyze uploaded data. Additionally, according to terms of service, you will give Google “a worldwide license to use, host, store, reproduce, modify, create derivative works” from uploaded data if you use any Google services. A preceding line says: “You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours.” It means that Google will not claim ownership of uploaded data, which is, undoubtedly, good news, but you still cannot ignore one simple truth: data uploaded to Google Drive is, technically, no longer completely private.

Google Drive is not the best choice for storing sensitive data even if you keep your Google account password safe and take all possible security measures to prevent it from being hacked; however, if you insist on using Google Drive, and there is nothing we can do to change your opinion, you should at least upload your sensitive data, e.g. passwords encrypted. This way, cyber criminals could not access any of your uploaded passwords even if they successfully hack your account. Additionally, it would be a smart security move to enable 2-Step Verification for your Google account, i.e. add an additional security layer to keep uploaded passwords safe and bad guys out. Many consider it a hassle, but it is worth extra effort for sure since so many passwords are stolen easily these days.

July 20, 2018

Leave a Reply