Google Unveils New Security Protections For High-risk Users


Other authentication factors, like codes sent via SMS or the Google Authenticator app, will no longer work. Despite the target audience, though, there's some good news for the rest of us.

Google on Tuesday launched a set of more stringent security measures for its account holders in response to an increase in the use of sophisticated, targeted hacking techniques that comuter security firms say are often politically motivated. They use public-key cryptography and digital signatures to prove to Google that it's really you. This process will "take a few days".

"Advanced Protection" is not designed for everyday folks, and you can tell because of its severe trade-offs. Given it's all too easy to inadvertently grant a malicious app access to data, those in the program will have it all locked down.

Finally there are changes to the account recovery process. First and foremost, users with Advanced Protection are required to use physical security keys to login to their accounts.

The new Security Checkup is created to assist users with making their accounts more secure and offers plenty of helpful hints and tips on how to do this.

These might be campaign staffers preparing for an upcoming election, journalists who need to protect the confidentiality of their sources, or people in abusive relationships seeking safety.

Importantly, though, while Google is billing the system as intended for particularly at-risk people, it's not limited to them.

The program is open to anybody with a personal Google Account, though users will need to have a Physical Key, as well as Chrome for sign-up. The users will only be able to use the Chrome browser to access signed-in services like Gmail or Photos. Instead, Google points them - and their administrators - in the direction of existing G Suite security key provisions, along with app whitelisting.

The setting makes it more hard for attackers to access users' accounts, in part because it requires the use of a hardware key to log in - a USB device for desktops and laptops and a Bluetooth unit for mobiles.

Advanced protection users will have their data walled off from access by any non-Google third-party applications, such as the Apple iOS mail client or Microsoft Outlook.