Google to introduce improved account security service in wake of high-profile hacks

midian182

Posts: 6,286   +53
Staff member

Amid the ongoing Russian hacking investigations and fallout from the massive Equifax breach, Google is about to introduce a new service that improves upon its two-factor authentication system — but it might not be available to everyone.

Citing two people familiar with the matter, Bloomberg reports that Google will launch its Advanced Protection Plan next month. The product will be marketed toward corporate executives, politicians and other high-profile figures with heightened security requirements. Whether it will also be available to ‘regular' users is unclear.

Google introduced support for universal 2nd factor (U2F) USB security keys back in 2014 (Facebook, Dropbox, and Salesforce also offer support). It improves security by requiring a dongle be inserted into a computer — along with a standard password — to access Google accounts such as Gmail. The method removes the need to type in codes from a phone and offers better protection from phishing sites.

The upcoming Advanced Protection Plan builds on this system by requiring a second physical hardware key in addition to the USB security key. Only when both devices have been detected will a Google account unlock.

The new security plan doesn’t stop there, though. Not only will the service block all third-party programs from accessing customers’ Google Drive files, but it also offers regular security updates for keeping information secure using the most up-to-date methods.

It was recently revealed that accountancy giant Deloitte was another firm to have fallen victim to hackers. Its global email server had been compromised via a password-protected administrator account that didn’t use two-factor authentication.

Permalink to story.

 

Uncle Al

Posts: 7,748   +6,376
In fact one of the first one of these was introduced by AutoDesk back around 1988 or so to keep people from cracking their software. It lasted about 4 months before it was broken and that was long before the degree of sophistication many of these hackers have .......
 

Kotters

Posts: 331   +225
In fact one of the first one of these was introduced by AutoDesk back around 1988 or so to keep people from cracking their software. It lasted about 4 months before it was broken and that was long before the degree of sophistication many of these hackers have .......
If modern 2FA was so easily broken, it would have been broken by now. I very much doubt a hardware DRM key was constructed with and used the same mechanisms as a security token.
 

mbrowne5061

Posts: 1,721   +978
In fact one of the first one of these was introduced by AutoDesk back around 1988 or so to keep people from cracking their software. It lasted about 4 months before it was broken and that was long before the degree of sophistication many of these hackers have .......
If modern 2FA was so easily broken, it would have been broken by now. I very much doubt a hardware DRM key was constructed with and used the same mechanisms as a security token.
I don't know about you, but I didn't get "modern" from "the first one...back around 1988"