Google’s Advanced Protection requires physical keys to access a Google account, protects against phishing, blocks fraudulent access and limits access to your account to Google apps. Credit: Robert Scoble Instead of focusing on all users, Google set its sights on the minority who need the strongest security measures and today announced the launch of its Advanced Protection Program. The program goes beyond two-step verification by requiring a physical piece of hardware as a key to access your Gmail and other Google accounts; those who enroll will be trading convenience for added security.Google rolled out the new security measure for the minority of its users who are at an elevated risk of cyberattack. In the company’s words:We took this unusual step because there is an overlooked minority of our users that are at particularly high risk of targeted online attacks. For example, these might be campaign staffers preparing for an upcoming election, journalists who need to protect the confidentiality of their sources, or people in abusive relationships seeking safety. Sometimes even the most careful and security-minded users are successfully attacked through phishing scams, especially if those phishing scams were individually targeted at the user in question.If you have a personal Google Account, you can enroll using Chrome — and only Chrome, at least for now, as it supports the U2F standard and has done so since 2014. After enrolling, Google promises to “always use the strongest defenses that Google has to offer” and to “continually update” those security measures.How to use Google Advanced ProtectionTo use Google Advanced Protection, you will need two Universal 2nd Factor (U2F) security keys, which have been approved by the FIDO Alliance. That means you will need a U2F USB key for your computer and one that can authenticate over Bluetooth for your mobile devices — phone, table and laptop. For example, Google suggests purchasing a Yubico FIDO U2F security key and a Feitian MultiPass FIDO security key. Once you have two U2F keys approved by the FIDO Alliance, you can turn on Advanced Protection. Once Advanced Protection is on, your Google life will change. 2FA verification codes sent to your phone and the Google Authenticator app will no longer grant access to your account. If you accidentally fall for a phishing scam and enter your password, the attacker or social engineer can’t get into your account without the U2F keys.If an attacker tries impersonation and uses the “forgot password” route, there are added steps for an Advanced Protection user to verify his or her identity. Google doesn’t specify what those extra steps will be other than “additional reviews and requests for more details about why you’ve lost access to your account.” Furthermore, “if you ever lose access to your account and both of your Security Keys, these added verification requirements will take a few days to restore access to your account.”Additionally, to prevent third-party malicious apps from gaining access your account, Google will automatically limit access to your Gmail and Drive to specific apps — especially its own for now. If you want to access your Gmail, then you have to use Chrome or the Gmail app. You will also have to use Chrome if you want to access your Photos or other signed-in Google services.Personalized Google Security CheckupTo celebrate Cybersecurity Awareness Month, Google said it intends to launch a series of security announcements this week.Yesterday, Google announced the launch of its revamped Security Checkup, which provides “personalized guidance to help you improve the security of your account.” Hopefully, you will see a green check mark next to each item in the list. If not, then you need to take care of the items marked with yellow or red exclamation points. The new and improved Security Checkup will evolve as new threats arise.Google is also testing new predictive phishing protections in Chrome. If you input your Google password into a suspected phishing site, you might see a warning that states something similar like this: “This site may have just stolen your password.”The company added, “We plan to expand predictive phishing protection to all other passwords you’ve saved in Chrome’s password manager, and [we plan to] enable other apps and browsers that use Safe Browsing technology, like Safari, Firefox and Snapchat, to use it as well.” Related content news Dow Jones watchlist of high-risk businesses, people found on unsecured database A Dow Jones watchlist of 2.4 million at-risk businesses, politicians, and individuals was left unprotected on public cloud server. By Ms. Smith Feb 28, 2019 4 mins Data Breach Hacking Security news Ransomware attacks hit Florida ISP, Australian cardiology group Ransomware attacks might be on the decline, but that doesn't mean we don't have new victims. A Florida ISP and an Australian cardiology group were hit recently. By Ms. Smith Feb 27, 2019 4 mins Ransomware Security news Bare-metal cloud servers vulnerable to Cloudborne flaw Researchers warn that firmware backdoors planted on bare-metal cloud servers could later be exploited to brick a different customer’s server, to steal their data, or for ransomware attacks. By Ms. Smith Feb 26, 2019 3 mins Cloud Computing Security news Meet the man-in-the-room attack: Hackers can invisibly eavesdrop on Bigscreen VR users Flaws in Bigscreen could allow 'invisible Peeping Tom' hackers to eavesdrop on Bigscreen VR users, to discreetly deliver malware payloads, to completely control victims' computers and even to start a worm infection spreading through VR By Ms. Smith Feb 21, 2019 4 mins Hacking Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe