The Daily Swig Web security digest

Google puts accounts on lockdown with Advanced Protection

James Walker | 18 October 2017 at 13:00

Top-tier 2FA protection for those who need it most.

Marking a new chapter in its ongoing effort to protect account holders, Google has rolled out the Advanced Protection Program, which provides an added level of security for those deemed most at risk of targeted attacks.

Advanced Protection requires the use of a physical security key to sign into a Google account. The USB and Bluetooth devices use public-key cryptography and digital signatures to validate the account holder’s authenticity.

Google said Advanced Protection will help safeguard individuals from phishing attacks, accidental data sharing, and fraudulent account access.

The use of a physical key goes one step beyond typical two-factor authentication (2FA) methods – in which a code is delivered to a user’s mobile device – because there is no way for an attacker to steal the key from afar.

Although all personal Google account holders can enroll in the company’s new two-factor authentication, the Alphabet company said the initiative is aimed at protecting “high risk” individuals, such as political campaign staffers, journalists, or even people in abusive relationships.

“Once you enroll in Advanced Protection, we’ll continually update the security of your account to meet emerging threats – meaning Advanced Protection will always use the strongest defenses that Google has to offer,” said Advanced Protection product manager, Dario Salice.

Users will, however, have to purchase their own 2FA keys. One USB device for desktop use costs around $20, and one Bluetooth-enabled key for mobile is priced at around $25.

Click here to sign up for Advanced Protection.