This week I came across an article about a new security possibility for Google users. This new possibility is called “Advanced Protection Program”, it’s already online at https://landing.google.com/advancedprotection/.
The main function of this Advanced Protection Program is to safeguard personal Google Accounts of people who are most likely to be targeted by hackers. Such users could, for example, be: journalists, business leaders or politicians. But the beauty of it is that the program is also available to people like you and me. All you need to do is buy two physical goods, the first one being: https://www.amazon.com/Feitian-MultiPass-FIDO-Security-Key/dp/B01LYV6TQM, this is a Bluetooth dongle, while the second item is a USB-like device: https://www.amazon.com/Yubico-Y-123-FIDO-U2F-Security/dp/B00NLKA0D8.
To log in to your Google Account from a desktop the USB key is required, while the Bluetooth dongle is required when signing in from a mobile device. Downloads and email attachments, which are only downloadable from Chrome, are delayed by about one minute, in this minute Google performs a scan that’s more advanced than the standard scan. When logged in, all running services and apps which aren’t Google’s own will be exiled to reach any data from your Google Account.
Other forms of 2-step authentication aren’t new of course in the digital world, but the advantage over older techniques is that it won’t be necessary to enter a code anymore. This is favourable because a code could be intercepted, for example at a phishing website. Google checks if the physical key belongs to the user that’s trying to log in, and if it matches it opens the possibility to log in from inside so to say.
Another security measurement that comes with the program is the advanced, and at this moment still secretive, account recovery process. If you’ve lost your physical keys, getting access to your account again won’t be as easy as it is right now. Details are still unknown, but Google announced that it includes a “cooling-off” period and that your whole account will be entirely shut down for a, still unknown, period of time.
The offering of such an option is very welcome and could prevent a lot of tragedies for individuals and society.
The article can be found here: https://www.wired.com/story/google-advanced-protection-locks-down-accounts/