
Google's New High-Security Option for Google Accounts

Fetzie

 


 

Google has introduced a new, increased security option for Google Accounts.

 

Quote

The Advanced Protection Program safeguards the personal Google Accounts of those most at risk of targeted attacks—like journalists, business leaders, and political campaign teams.

 

Phishing is one of the most common techniques hackers use to gain access to your account or personal information. For example, phishing emails or fake sign-in pages could trick you into revealing critical information, like your password.

To provide the strongest defense against phishing, Advanced Protection goes beyond traditional 2-Step Verification. You will need to sign into your account with a password and a physical Security Key. Other authentication factors, like codes sent via SMS or the Google Authenticator app, will no longer work.

 

Essentially, it adds an additional level of protection to your Google account - a physical key. You can register a physical key as well as a Bluetooth dongle with your account. This code generator key will be required to log in on a new device. Codes from software authenticators and mobile phone verification attempts will no longer be valid.

 

Advanced Protection bans all third-party applications from accessing your account.

 

Quote

Accessing Gmail & Drive

  • Third-party apps that want access to Gmail or Drive will no longer have permission. For secure access, you will need to use the Gmail app or Inbox by Gmail.

Google services on the web

  • You will only be able to use the Chrome browser to access signed-in services like Gmail or Photos.

iOS Support

  • Apple Mail, Contacts, and Calendar apps do not currently support Security Keys and will not be able to access your Google data. Instead, you can use the Gmail, Inbox, or Google calendar apps on iOS.

 

This means that third-party applications, for example honey pots placed by security services or criminals, will no longer be able to access your Google account. It unfortunately also means no more importing of your Google calendar to Outlook, using the default Mail app on your iPhone or even logging into Gmail on a browser that isn't Chrome.

 

Additionally, there are more hoops to jump through to recover your account than usual if you lose your Security Keys and your account credentials.

Quote

A common way that hackers try to gain access to your account is by impersonating you and pretending they have been locked out of your account.

To provide you with the strongest safeguards against this type of fraudulent account access, Advanced Protection adds extra steps to verify your identity. If you ever lose access to your account and both of your Security Keys, these added verification requirements will take a few days to restore access to your account.

 

Advanced Protection is available as of today at the link below.

 

I think this is an important tool for people who need to keep their correspondence and correspondents away from prying eyes. Journalists, political activists and victims of domestic abuse are all potential users of this feature. However, it will of course mean more inconvenience (not to mention the money you will have to spend on hardware code tokens), so I think that most people won't turn it on. It will also be interesting to see what happens when the first law enforcement agency tries to gain access to a protected account by force, and whether Google is willing or even capable of helping in this case if the security tokens are destroyed.

 

Sources:

primary source: https://landing.google.com/advancedprotection/

secondary source: https://www.wired.com/story/google-advanced-protection-locks-down-accounts/

 


So they're just telling you that FIDO keys are acceptable for google 2FA, which has been a thing for like, quite a while now? Additionally, locking Google Apps access to Chrome.

 

 


Just now, knightslugger said:

So they're just telling you that FIDO keys are acceptable for google 2FA, which has been a thing for like, quite a while now? Additionally, locking Google Apps access to Chrome.

 

 

And if you need to recover the account, you will have to go through a more extensive verification process to make sure it is you and not somebody else.


Pretty good move, but remember, to those in power this isn't an issue.

Details separate people.


Feels like I might actually do this, but not right now. I switch Google account and shit all the time and having this would probably be a bit of a pain for me, but I like the physical key aspect of it all, to be honest.
