Lock down your accounts with Google's new Advanced Protection feature

By Shawn Knight ยท 10 replies
Oct 18, 2017
Post New Reply
  1. Google recently announced a powerful tool for those whose accounts are simply too important to risk having hacked.

    The new Advanced Protection Program sacrifices convenience in the name of security by requiring a physical Security Key in addition to entering your password to access various Google apps and services. Because of this physical requirement, it’s far more secure than digital-only two-factor authentication techniques which can be intercepted.

    Note that you’ll need a physical USB key for use with your computer and / or a Bluetooth key for your mobile device. U2F dongles can be had from retailers like Amazon for under $20.

    The opt-in security feature also prevents non-Google apps from accessing your various Google accounts. Furthermore, you’ll only be able to use the Chrome browser to access your signed-in services. This means, for example, that you won’t be able to use Apple’s own Mail, Contacts and Calendar apps in iOS (instead, you’ll need the official Gmail, Inbox and Google calendar apps).

    In the event you somehow get locked out of your account while using Advanced Protection (say you lose your dongle), regaining access is going to be a hassle. Google notes that it’ll “take a few days” to restore access to an account.

    Finding that perfect balance of convenience and security is an everyday struggle. This level of security certainly isn’t for everyone (it’s a lot of extra work) but if you’re a celebrity, journalist, politician or government official, fortifying access to various accounts is paramount.

    Details on how to enable Advanced Protection can be found on Google's landing page.

    Permalink to story.

  2. Uncle Al

    Uncle Al TS Evangelist Posts: 4,164   +2,637

    I can see definite advantages, especially for businesses. Of course drug traffickers and a whole host of other criminal enterprises will love it! Now we'll see how long before somebody figures out the backdoor by the NSA, FBI, CIA and other acronymed agencies.
    Reehahs likes this.
  3. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 8,647   +3,280

    Google has had this method available for a long time now. I remember seeing it while lying in my cot several decades ago.
    Reehahs and JamesSWD like this.
  4. jobeard

    jobeard TS Ambassador Posts: 12,083   +1,345

    For a PC with extra USB slots, this makes sense, but our tablets and cell phones can't use USB keys :sigh:
  5. NeghVar

    NeghVar TS Rookie

    Which is why there is the bluetooth option
  6. jobeard

    jobeard TS Ambassador Posts: 12,083   +1,345

    Have you ever used an Internet Cafe? You can't attach a USB or BT device. This excludes a high percentage of European users without personal mobile devices.
  7. Mc128k

    Mc128k TS Enthusiast Posts: 30   +6

    Come on, it doesn't tell anywhere that it implies data encryption, it's just another password. A password is just for locking on the outside, not inside, they can still see all your kitty pictures and spam mail.

    The "backdoor" somehow implies that you are NOT forcing the main entrance (e.g. the password), but you are simply taking another path (e.g. "hi google, we're the gov, could you please hand us..." )
  8. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,867   +505

    Android devices can attach USB via a micro USB adapter.
  9. Mc128k

    Mc128k TS Enthusiast Posts: 30   +6

    Which is against every possible usability good practice.
  10. jobeard

    jobeard TS Ambassador Posts: 12,083   +1,345

    A USB device has the same issues we all had back with floppies - - an infection can be installed during the mount process (aka assigning a drive letter). IMO, you *must* disable autorun on all devices, scan them and then open the content(s).
    Last edited: Oct 19, 2017
    Darth Shiv likes this.
  11. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,867   +505

    If plugging in the USB into a device compromises your key, the security device isn't designed properly and is superficial at best.

    The whole point of a hardware dongle style key is that internally it has specialised hardware that protects it from compromise. For example it provides an API to fetch the next key and internally it generates the keys. It has hardware protection for the master key.

    Plugging the device into anything should never compromise a hardware key.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...