Google offers its strongest ever security with new Advanced Protection Program
As part of Cybersecurity Awareness Month, Google has announced numerous security-related updates including revamped phishing protection. Now the company has also announced what it is referring to as its "strongest security, for those who need it most."
Aimed at protecting people who are most likely to find themselves the target of attacks -- Google suggests journalists and human rights workers as examples -- the new Advanced Protection Program is being made available to anyone who wants to use it. It will protect Gmail, Google Drive and YouTube data with a variety of measures including a physical authentication key.
See also:
- Google launches personalized phishing protection and updated Security Checkup tool
- Google Wifi update brings site blocking to parental controls
- Google rolls out Chrome Cleanup to help secure its web browser
In fact, the use of a physical security key -- such as a USB or wireless device -- for two-factor authentication is required. This is something which is likely to be off-putting to the average user, meaning that the Advanced Protection Program is most likely to be used by Google's target audience: the "overlooked minority of our users that are at particularly high risk of targeted online attacks."
Google notes that the increase in security means something of a convenience trade-off, but suggests that in addition to people whose work places them at risk, the feature may also appeal to "people in abusive relationships seeking safety."
It's very early days for the Google Advanced Protection Program -- the company says it has only been in testing for "several weeks" -- but it has three features at its core:
The strongest defense against phishing: Advanced Protection requires the use of Security Keys to sign into your account. Security Keys are small USB or wireless devices and have long been considered the most secure version of 2-Step Verification, and the best protection against phishing. They use public-key cryptography and digital signatures to prove to Google that it’s really you. An attacker who doesn’t have your Security Key is automatically blocked, even if they have your password.
Protecting your most sensitive data from accidental sharing: Sometimes people inadvertently grant malicious applications access to their Google data. Advanced Protection prevents this by automatically limiting full access to your Gmail and Drive to specific apps. For now, these will only be Google apps, but we expect to expand these in the future.
Blocking fraudulent account access: Another common way hackers try to access your account is by impersonating you and pretending they have been locked out. For Advanced Protection users, extra steps will be put in place to prevent this during the account recovery process -- including additional reviews and requests for more details about why you've lost access to your account.
At the moment Google Chrome is required if you want to enroll in the Advanced Protection Program, because of its support for the U2F standard for Security Keys. Google hopes that other browsers will include such support in due course.
You can sign up for Advanced Protection at g.co/advancedprotection.