Google boosts security for high-risk users (but you can get it too)
Hardly a week goes by without a high-profile hacking story, and now Google is launching a new security system for those who take their data really, really seriously. The Google Advanced Protection Program builds on the company's existing two-factor authentication with a more stringent system. Despite the target audience, though, there's some good news for the rest of us.
As Google explains it, Advanced Protection is designed for those who might be a more alluring target for hackers for one reason or another, and who "are willing to trade off a bit of convenience for more protection of their personal Google Accounts." It uses USB security keys, with digital signatures and public-key cryptography. If you want access to your account, you'll need to plug your security key in first.
However, that's not the only limit Advanced Protection introduces. Given it's all too easy to inadvertently grant a malicious app access to data, those in the program will have it all locked down. Right now, Gmail and Drive access will be solely limited to Google apps, though the company says that it does expect to expand on that in the future.
Finally there are changes to the account recovery process. Since some users have lost access to their Google data after hackers pretend to be them and complete all the account recovery steps, Advanced Protection enrollees will have to go through extra review and other hurdles. Google isn't, understandably, detailing exactly what those will comprise at this point, though does say that, for those who lose both account access and both security keys, it could "take a few days" to restore access with the new, more stringent system.
According to Google, it had some specific cohorts in mind when it developed the system. Possible candidates for using the Advanced Protection Program could be "campaign staffers preparing for an upcoming election, journalists who need to protect the confidentiality of their sources, or people in abusive relationships seeking safety," it says.
Importantly, though, while Google is billing the system as intended for particularly at-risk people, it's not limited to them. Anybody with a personal Google account can enroll if they want, though they'll need to supply a security key of course. You'll also need to be using Chrome to sign up, as your browser requires U2F standard for security key compliance. "We expect other browsers to incorporate this soon," Google said today.
Those of us with G Suite accounts, however, won't be able to sign up for Advanced Protection. Instead, Google points them – and their administrators – in the direction of existing G Suite security key provisions, along with app whitelisting.
If you're considering signing up as an individual with a consumer account, there are a few things you'll need to bear in mind. iPhone users won't be able to use the Apple Mail, Contacts, and Calendar apps, since they don't have security key support: instead, you'll need to switch to Google's own Gmail, Inbox, and Google calendar apps. On the desktop, too, you won't be able to use a third-party email app, only access Gmail in Chrome.