This talk provides an overview of how accounts got compromised and the solutions we found effective at reducing account hijhacking risks based of our experience at Google. Talk updated and recorded in March 2021
The talk starts with a data driven analysis of how accounts get compromised. Then building on this analysis it provides an in-depth overview of the various layers of defense we use at Google to protect users from account compromise. In particular we cover how to mitigate password reuse, build a strong authentication system and how to setup an Advanced Protection Program to protect users at risk of targeted attacks.