Advertisement

Google launches “strongest security” opt-in program for high risk users

Google launches “strongest security” opt-in program for high risk users
From TechCrunch - October 17, 2017

Google has today launched a free, opt-in program aimed at users who believe their Google accountssuch as Gmail, Drive, YouTube etcto be at particularly high risk of targeted online attacks.

The Advanced Protection program currently consists of the three main elements: defending Gmail and Google account users against phishing attacks by requiring 2FA via a token generated by a hardware security key; locking down the risk of malicious applications grabbing sensitive data by automatically limiting full access to Gmail and Drive to just Google apps (for now); and reducing the risk of hackers gaining access to a Gmail account via impersonation by adding more steps to the account recovery process.

Safe to say, this is greater security via reduced convenience. And is being billed as most definitely not for everyonebut rather for a small minority of users at elevated risk of targeted hacking.

Google cites examples such as political campaign staff working to get their candidate elected or journalists whose job is to handle sensitive information.

Last year the hacking of Democratic campaigner John Podestas emailsshone a massive spotlight on the risks of sensitive email accounts being hackedas the contents of the emails were picked over in public and undoubtedly shaped the narrative of the US presidential election campaign. (While earlier this year it was also revealed that hackers had targeted French presidents Emmanuel Macrons staffers email accountswith emails leaked on the eve of that poll.)

We took this unusual step because there is an overlooked minority of our users that are at particularly high risk of targeted online attacks. For example, these might be campaign staffers preparing for an upcoming election, journalists who need to protect the confidentiality of their sources, or people in abusive relationships seeking safety. Sometimes even the most careful and security-minded users are successfully attacked through phishing scams, especially if those phishing scams were individually targeted at the user in question, Google writes.

Advertisement

Continue reading at TechCrunch »