It is good to be paranoid when it comes to cybersecurity.
Google already provides various advanced features such as login alerts and two-factor authentication to keep your Google account secure.
However, if you are extra paranoid, Google has just introduced its strongest ever security feature, called “Advanced Protection,” which makes it easier for users, who are usually at high risk of targeted online attacks, to lock down their Google accounts like never before.
“We took this unusual step because there is an overlooked minority of our users that are at particularly high risk of targeted online attacks,” the company said in a blog post announcing the program on Tuesday.
“For example, these might be campaign staffers preparing for an upcoming election, journalists who need to protect the confidentiality of their sources, or people in abusive relationships seeking safety.”
Even if a hacker somehow gets your password—using advanced phishing attacks, zero-day exploits or spyware—and tries to access your Google account, they will not be able to get in.
To enable Google’s Advanced Protection feature, you will need two physical security keys that work with FIDO Universal 2nd Factor (U2F)—which offers a hardware-based two-factor authentication that does not require secret codes via SMS or emails.
To log into your Google account from a computer or laptop will require a special USB stick while accessing from a smartphone or tablet will similarly require a Bluetooth-enabled dongle, paired with your phone.
“They [security devices] use public-key cryptography and digital signatures to prove to Google that it’s really you,” the post reads. “An attacker who does not have your Security Key is automatically blocked, even if they have your password.”
Google’s Advanced Protection offer three features to keep your account safe:
- Physical Security Key: Signing into your account requires a U2F security key, preventing other people (even with access to your password) from logging into your account.
- Limit data access and sharing: Enabling this feature allows only Google apps to get access to your account for now, though other trusted apps will be added over time.
- Blocking fraudulent account access: If you lose your U2F security key, the account recovery process will involve additional steps, “including additional reviews and requests for more details about why you’ve lost access to your account” to prevent fraudulent account access.
Advanced Protection feature is not designed for everyone, but only for people, like journalists, government officials and activists, who are at a higher risk of being targeted by government or sophisticated hackers and ready to sacrifice some convenience for substantially increased e-mail protection.
Currently, if you want to enrol in the Advanced Protection Program, you will need Google Chrome, since only Chrome supports the U2F standard for Security Keys. However, the technology expects other browsers to incorporate this feature soon.
Google Adds ESET Malware Detection to Chrome
Google has also made a notable change by partnering with anti-virus software firm ESET to expand the scope of malware detection and protection in its browser through the Chrome Cleanup feature.
Chrome Cleanup now has a malware detection engine from ESET, which works in tandem with Chrome’s sandbox technology.
“We can now detect and remove more unwanted software than ever before, meaning more people can benefit from Chrome Cleanup,” Google said in a blog post published Monday.
“Note this new sandboxed engine is not a general-purpose antivirus—it only removes software that doesn’t comply with our unwanted software policy.”
You can sign-up for Google’s Advanced Protection here.