Key highlights:

  • New security features designed for people who are at an elevated risk of attack
  • The high risk users include campaign staffers, journalists or those in abusive relationships
  • The program will focus on three core defenses

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

Google announced that it has launched new security features designed for people who are at an elevated risk of attack. The company introduced the Advanced Protection Program that provides Google's strongest security features to protect the users personal Google Accounts.

It said that this feature is specifically tailored to protect the online security of a much smaller set of users.

The smaller set of users it referred to include campaign staffers preparing for an upcoming election, journalists who need to protect the confidentiality of their sources, or people in abusive relationships seeking safety, it said.

“We took this unusual step because there is an overlooked minority of our users that are at particularly high risk of targeted online attacks. Sometimes even the most careful and security-minded users are successfully attacked through phishing scams, especially if those phishing scams were individually targeted at the user in question,” said Dario Salice, Advanced Protection Product Manager, Google in its blog post.

Salice said that Advanced Protection provides Google's strongest security, designed for those who are at an elevated risk of attack and are willing to trade off a bit of convenience for more protection of their personal Google Accounts.

For this feature people have to enroll for Google to enable it for their accounts.

“Once you enroll in Advanced Protection, we’ll continually update the security of your account to meet emerging threats—meaning Advanced Protection will always use the strongest defenses that Google has to offer,” Salice said.

The program will focus on three core defenses, ie protection against phishing, protection of sensitive data from accidental sharing and blocking of fraudulent account access.

The Advanced Protection they said will provide the strongest defense against phishing. For this it requires the use of Security Keys to sign into a users account. Security Keys are small USB or wireless devices and have long been considered the most secure version of 2-Step Verification, and the best protection against phishing, it said.

“They use public-key cryptography and digital signatures to prove to Google that it’s really you. An attacker who does not have your Security Key is automatically blocked, even if they have your password,” the company said.

The second is protecting your most sensitive data from accidental sharing. This happens as sometimes people inadvertently grant malicious applications access to their Google data.

Advanced Protection from Google prevents this by automatically limiting full access to the users Gmail and Drive to specific apps.

“For now, these will only be Google apps, but we expect to expand these in the future,” said Salice.

Another common way hackers try to access a persons account is by impersonating them and pretending they have been locked out. For Advanced Protection users, extra steps will be put in place to prevent this during the the account recovery process—including additional reviews and requests for more details about why they have lost access to their account.

Salice said that they have been testing the Advanced Protection feature for the last several weeks and learning from people like Andrew Ford Lyons, a Technologist at Internews, an international nonprofit organisation that has supported the development of thousands of media outlets worldwide.

Anyone with a personal Google Account can enroll in Advanced Protection. Today, you will need Chrome to sign up for Advanced Protection because it supports the U2F standard for Security Keys. We expect other browsers to incorporate this soon.

For now, Advanced Protection is only available for consumer Google Accounts. To provide comparable protections on G Suite Accounts, G Suite admins can look into Security Key Enforcement and OAuth apps whitelisting.

ALSO READ: