Source: www.bleepingcomputer.com – Author: Bill Toulas
Google has updated its policy for personal accounts across its services to allow a maximum period of inactivity of two years.
After that time has passed, the accounts “may” be deleted, along with all their contents, settings, preferences, and user-saved data. This includes all data stored on services such as Gmail, Docs, Drive, Meet, Calendar, Google Photos, and YouTube.
However, this new policy will not apply to Google accounts for organizations such as schools or businesses.
Google says the policy change aims to enhance online security, as inactive accounts often fall prey to account hijacking, typically due to old and weak passwords and no additional security measures.
“Starting later this year, if a Google Account has not been used or signed into for at least 2 years, we may delete the account and its contents,” said Ruth Kricheli, Google’s VP for Product Management.
“Our internal analysis shows abandoned accounts are at least 10x less likely than active accounts to have 2-step-verification set up.
“Meaning, these accounts are often vulnerable, and once an account is compromised, it can be used for anything from identity theft to a vector for unwanted or even malicious content, like spam.”
The new policy will take effect immediately, and the first accounts to reach the new inactivity threshold will be deleted in December 2023.
However, this does not mean all users who haven’t used their Google accounts for two years or longer will have their accounts deleted by the end of the year.
Google says it will start with accounts never used after their creation and will take careful, phased steps from then on.
Also, the impacted account holders will receive multiple notifications months before the account deletion happens on the provided recovery emails so that they can take action in time.
How to avoid getting your account deleted
Many people like to maintain a backup for cases when their primary Google account becomes inaccessible, or they need one for testing purposes.
Those accounts may be rarely used, but their owners may still need to retain them for their reasons.
Google says taking any of the below actions using those accounts will reset the activity counter back to zero:
- Reading or sending an email
- Using Google Drive
- Watching a YouTube video
- Downloading an app on the Google Play Store
- Using Google Search
- Using Sign in with Google to sign in to a third-party app or service
Of course, the account holders must carry out one of the above actions every two years. Still, Google will continue sending warning notices in the future to minimize the likelihood of surprise deletions.
Also, owners of backup accounts that sit idle for lengthy periods should ensure they’re using a strong password, enable two-factor authentication, and update their recovery information.
Finally, account owners can back up all their data using Google’s Takeout system or the Inactive Account Manager tool to define what happens after 18 months of inactivity.
The belief that Google accounts would last indefinitely has led countless individuals to rely on them for professional or personal purposes.
Many had naively assumed their Google accounts were invulnerable, treating them as seemingly everlasting repositories for their digital lives.
However, as Google demonstrated with this policy update, years of emails, attachments, and personal files could vanish if users fail to heed the warning and log in before the deadline.
Original Post URL: https://www.bleepingcomputer.com/news/security/google-will-delete-accounts-inactive-for-more-than-2-years/
Category & Tags: Security,Google – Security,Google