Google's new Advanced Protection Program helps high-risk users

Yolanda Curtis
October 17, 2017

Editor's note: October is Cybersecurity Awareness Month, and we're celebrating with a series of security announcements this week. This drastic account lockdown feature is designed for people at risk of sophisticated targeted attacks, and while it will make you safer, it will also make your life more hard.

However, that's not the only limit Advanced Protection introduces. The first involves the use of physical Security Keys to sign into your account. Anybody with a personal Google account can enroll if they want, though they'll need to supply a security key of course. Until you've entered a correct code from the key, you can't access your data.

The program is open to anybody with a personal Google Account, though users will need to have a Physical Key, as well as Chrome for sign-up. Since some users have lost access to their Google data after hackers pretend to be them and complete all the account recovery steps, Advanced Protection enrollees will have to go through extra review and other hurdles. Meanwhile, Google services that require a sign-in, like Photos, will only be available through Chrome. This is enforced by allowing only approved apps to be connected. For now, these will only be Google apps, but we expect to expand these in the future. Account personalisation The third and final element focuses on making it harder for attackers to impersonate you.

Blocking fraudulent account access: The last measure is created to counter impersonators who claim to be locked out of their account.

In addition to this, Advanced Protection limits the apps that are allowed to access your Google Drive or Gmail account (which has been a vector for attacks in the past), and also makes it much more hard to recover your account, preventing hackers from gaining access through social engineering. "Strongest defenses" Advanced Protection does make using the web less streamlined and convenient. Google isn't, understandably, detailing exactly what those will comprise at this point, though does say that, for those who lose both account access and both security keys, it could "take a few days" to restore access with the new, more stringent system.

Google cites examples such as political campaign staff working to get their candidate elected or journalists whose job is to handle sensitive information.

Other reports by iNewsToday