Google will purge inactive accounts as a security measure

17 May 2023

Image: © Andreas Prott/Stock.adobe.com

The new policy is set to begin at the end of the year, due to concerns that these accounts are more at risk of being compromised and used for cybercrime.

Google will soon delete accounts that have been inactive for two years due to the security risks these accounts pose.

The company’s updated policy will apply to personal accounts “across our products” and will come into effect at the end of this year. Accounts for organisations such as schools and businesses will not be affected by the policy change.

Any content associated with these inactive accounts is also at risk of being deleted, such as content on YouTube, Google Photos, Drive, Calendar and more.

The company said inactive accounts are more likely to be compromised, even with protections the tech giant has in place to prevent issues like phishing and account hijacking.

Google VP for product management Ruth Kricheli said older accounts are more likely relying on use old or re-used passwords that may have been compromised and are far less likely to have two-factor authentication measures in place.

Google claims abandoned accounts are “at least 10 times less likely” to have two-factor authentication set up, based on the company’s internal analysis.

“These accounts are often vulnerable, and once an account is compromised, it can be used for anything from identity theft to a vector for unwanted or even malicious content, like spam,” Kricheli said.

Google said it will implement a “phased approach” in deleting accounts, starting with those that were created and never used again. These accounts and their recovery emails will also receive multiple notifications leading up to the deletion.

“The simplest way to keep a Google account active is to sign-in at least once every 2 years,” Kricheli said. “If you have signed into your Google account or any of our services recently, your account is considered active and will not be deleted.”

In the announcement, Kricheli said that users will need to “specifically sign in to Google Photos every 2 years” in order to ensure this content is not deleted.

Google rolled out passkeys for users earlier this month, as the company believes they are a more secure way for users to sign in compared to passwords.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com