Google's Advanced Protection Program for high-risk users

We've recently heard that about a half-billion Facebook accounts were breached and posted on a hacker forum for anyone to grab. We often hear that the world's largest companies have been hacked and our personal data leaked. A website like Have I Been Pwned searches data breaches and tells you whether your email or phone number has been pwned. It's not your fault that your personal data has been breached, but you'll be the next victim of identity theft if you don't protect yourself.

What is Google's Advanced Protection Program?

Google's Advanced Protection Program (APP) is a security-key-based 2FA program that further protects the Google accounts of those who are at risk of targeted attacks. High-profile individuals like politicians, journalists, activists, business leaders, and anyone who may require additional protection may enable Google's APP. It is Google's strongest security program, designed to keep your private information safe.

Although it provides the strongest protection against online attacks, it's not for everyone. By enabling Google's APP on your accounts, you're making it more difficult to log in to your Google accounts, especially on machines that you don't use often. The extra layer of protection comes at a price: authenticating yourself becomes more complicated. You're trading convenience when logging in to your Google accounts for improved security.

When you have Google's APP enabled on your Google accounts, you'll first sign in with your email and password as usual. Upon successful first-factor login, you'll be prompted to use your hardware key (smartphone or USB key) to authenticate yourself a second time. The second factor must be a physical key; SMS and authenticator apps such as Google Authenticator, Authy, or Microsoft Authenticator cannot be used.

Google's Advanced Protection Program is a form of 2FA in which the second factor must be a physical key. The APP is designed to protect Google accounts and services such as Gmail, Google Drive, Google Photos, and Google Calendar, not third-party apps.

What are physical security keys?

Hardware security keys are U2F and FIDO/2-compliant devices that plug into a USB port or Apple's Lightning port, and are also NFC compatible. Google also allows the smartphone's built-in security key, but due to COVID-19, enrollment with the smartphone key is temporarily suspended. Google may re-enable smartphone keys in the near future when COVID-19 is no longer an issue.

Since smartphone security keys are not accepted at present, you must obtain a hardware security key such as the YubiKey from Yubico, Titan from Google, FIDO U2F from Thetis, or any other FIDO-compatible security key.

APP now protects you from Malware

When you enable Google's APP on your smart devices, Google automatically enables "Google Play Protect". It is Google's built-in malware protection app for Android, which scans your device for malware and other harmful security issues. APP also limits users from installing apps from outside the Play Store, which will be very limiting for many users. Non-Play Store apps that are already installed will continue to work and be updated. There are a couple of exceptions, though: you can use either the manufacturer-supplied app store or an Android developer tool.

Conclusion

Google's Advanced Protection Program was introduced in the fall of 2017 and provides the strongest security platform for Google accounts. Those who are at risk of targeted attacks may consider enabling Google's APP. This program requires a physical security key as a second form of authentication and may complicate your login process, especially on devices that you don't often use. The additional layer of protection comes at the cost of inconvenience, but it will be worth it to many people who require additional protection.
