As part of a stream of new security initiatives launched for Cybersecurity Awareness Month, Google announced its Advanced Protection Program, which includes several new security options for users who are at a higher risk of being attacked online.
The new program, which includes three enhanced defenses, will keep closer tabs on the accounts of vulnerable users and will regularly provide security updates and notifications to keep users abreast of potentially suspicious activity.
It’s worth noting while the initiative is designed for high-risk users, anyone with a personal Google account is eligible to enroll in Google’s Advanced Protection Program —though the average person who may not be concerned about a targeted attack against them may find the active security of the program too burdensome to take part in; additional security often includes a trade-off when it comes to convenience.
Google suggests a number of sample cases for the type of users who may want to take advantage of the advanced protection, such as a political campaign staffer storing sensitive information for an upcoming election in their account, journalists who require confidentiality to protect their sources and people in abusive relationships who need safety from a partner.
The services will also serve to help activists who are often the attacked by political opponents and at times can even be the target of government surveillance.
The first part of Google’s Advanced Protection Program is support for Security Keys, a form of two-factor authentication that requires an actual, physical key to be present before a user is granted access to their account.
Security Keys are generally small devices that can connect via USB or Bluetooth to a device that a person is attempting to login to. It acts as a secondary check to prove the identity of the person attempting to sign in. Not only will the user have to provide their password, but the key will have to be confirmed before entering the account.
If an attacker compromises a person’s password but doesn’t have the key, they won’t be able to get in.
There are a number of different Security Keys that an individual can purchase and link to their account to add this level of protection. Google recommends both a Bluetooth-enabled key that will work with basically any device including smartphones and tablets as well as a USB key as a backup option specifically for computers.
The second prong of Google’s new protections aims to lock down sensitive data. The Advanced Protection Program prevents a user from granting access to personal information and other potentially sensitive data to malicious apps by automatically limiting access to information from a user’s Google accounts, including Gmail and Google Drive.
Finally, the search giant is taking additional action to block fraudulent access to a user’s account by placing extra steps in the account recovery process. Hackers can often compromise a victim’s account by triggering the account recovery process and using information stolen through social engineering methods to impersonate the user and access their account.
Under the Advanced Protection Program, Google will add extra hurdles to the process that will attempt to perform additional reviews and requests to keep a malicious actor out. Google will ask for additional account details about how the user lost access to the account and attempt to verify any information before allowing a person access.