Months ago, Google announced a feature which is an upgrade to the current security of Google accounts, and not many people are using it. Google called this feature Advanced protection, and it aims to provide the strongest security to people who need it most.
Especially the ones that need protection from targeted attacks like journalists, activists, business leaders, and political campaign teams. With the high phishing attacks and data breaches that have occurred this year, I believe everyone is a liable target.
This security setting goes past beyond the traditional two-step verification system to protect you even from phishing attacks. Phishing is the most common way that hackers use to gain access into your Google account and access your documents, email, calendar, and every other piece of sensitive information that you might have stored in any Google product. According to the current standards, Advanced protection is the most secure authentication method to be ever implemented by any firm. It’s so secure in that it’s not easier to set up for an ordinary Joe. What makes it probably advanced is the use of a physical security key. Yeah! The physical key, but the digital ones embedded in a USB stick. Security is now not as easy as flipping a switch as the security to convenience ration is higher than what it used to be in its other authentication methods. Authentication factors, like codes sent via SMS or the Google Authenticator app, are no longer working.
Not easy to setup
Google indeed used the principle of the tough the security, the tough the setup which in turn makes the security hacker proof. To be able to use Advanced Protection, you need to have two gadgets known as keys which you have to carry with you anytime you want to log into your account from a new device. To access your account, you connect the gadgets or the universal two factor (U2F) tokens to your smartphones or computer. The U2F authenticates if you are the owner of the Google account after you have entered the password.
The two gadgets are one USB based key for computers with a USB Type A ports and one Bluetooth based key for devices without USB Type A ports such as smartphones. If you forget your keys at home and try to log into your account, then you will be out of luck. You might be wondering where you get the keys from; Google has a recommendation. That’s buying keys from a company known as Feitian. But the Advanced protection feature will also work with any U2F keys as long as the manufacturer has been approved by the online authentication standards group, FIDO alliance.
The two gadgets are the prerequisites requirements for the security feature. If you have them already, go to the on My Account section via any Google service using your computer, then Sign-In and Security, then proceed to Advanced Protection. Since Google already knows how the process is, it will walk you through a set of instructions which basically lead you into entering your password and then registering each physical key.
To start the process, you will plug in the USB key followed by the Bluetooth key via a cable. Once you finish setting up the keys and enabled the Advanced protection, you will be logged out of all your Google services automatically. That’s on every computer you might have logged in except the one you’ll be using at the moment. To log back in of which you will need start with the one on your Android device, you will need to connect the tokens by USB or by Bluetooth pairing.
If you own an iPhone which has a google account, you will need other extras for the process to be complete. You will need to install Smart Lock – Google’s password manager that will handle the iPhone’s wireless authentication with the key. Android phones don’t need the Smart Lock as it is a built-in feature. In iOS, the authentication is cumbersome but goes through after a couple of tries. The best thing, you only need to authenticate the device you own once, and then you can choose to designate as yours to skip the tiresome log in process henceforth.
…is it worth the sacrifice?
A unique thing and perhaps a security measure is that Advanced protection won’t work with non-google products. Most people who use plugins to access Gmail will need to ditch them as they will be useless. Advanced Protection will also automatically limit third-party apps from accessing your most sensitive data – your emails and your Drive files to only trusted apps. Apart from the setup process and the fact that it only works with Google products, Advanced protection is worth your while. But the sacrifice is nothing compared to losing your security keys, and you need them to log in again. For the recovery process, Advanced protection is rigorous than how normal accounts do recovery. You will be locked out of your account for 3-5 days. Although this measure may seem harsh, it’s actually best as it makes phishing more difficult than before.