Skip to main content

Google announces Advanced Protection Program for accounts ‘most at risk’ for attack

As rumored late last month, Google today announced its “Advanced Protection Program” to protect personal Google Accounts of “those most at risk of targeted attacks—like journalists, business leaders, and political campaign teams.” The central defense is a physical Security Key that replaces other forms of two-factor authentication (2FA).

Considering the Advanced Protection Program an “unusual step,” it is intended for the overlooked minority of users who are at particularly high risk of targeted online attacks:

For example, these might be campaign staffers preparing for an upcoming election, journalists who need to protect the confidentiality of their sources, or people in abusive relationships seeking safety. Sometimes even the most careful and security-minded users are successfully attacked through phishing scams, especially if those phishing scams were individually targeted at the user in question.

Google notes that the Advanced Protection Program isn’t for everyone, with the company recognizing that users will be trading “a bit of convenience for more protection of their personal Google Accounts.”

At the moment, Google’s “strongest security” is composed of three aspects:

  • Physical Security Key: To guard against phishing, a physical Security Key will be required every time you log into a device. This will replace and disable other forms of authentication like SMS and the Google Authenticator app.
  • Limit data access and sharing: Third-party apps will no longer have access to Gmail or Drive, with email only available through Gmail or Inbox clients. Due to iOS apps not supporting Security Keys, Google notes that the Apple Mail, Contacts, and Calendar apps will not work, with users being forwarded to the first-party apps on iOS. Meanwhile, Google services that require a sign-in, like Photos, will only be available through Chrome.
  • Blocking fraudulent account access: The last measure is designed to counter impersonators who claim to be locked out of their account. Google notes “extra steps,” like additional reviews and request for more details, in place during the account recovery process. This process will “take a few days.”

Google will add more security measures in the future, with those in the Advanced Protection Program being the first to receive new features:

Once you enroll in Advanced Protection, we’ll continually update the security of your account to meet emerging threats—meaning Advanced Protection will always use the strongest defenses that Google has to offer.

The program is open to anybody with a personal Google Account, though users will need to have a Physical Key, as well as Chrome for sign-up. Meanwhile, G Suite accounts already have “comparable protections.”


Check out 9to5Google on YouTube for more news:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Abner Li Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: abner@9to5g.com