Google’s new protection programme includes a physical ‘Security Key’ that replaces other forms of two-factor authentication
In order to protect journalists, business leaders and member of political campaign teams at higher risk of being targetted by hackers, Google has rolled out an Advanced Protection Programme. This programme includes a physical “Security Key” that replaces other forms of two-factor authentication (2FA). The physical security key is a dongle, either Bluetooth or USB. Users can plug it in to prove their identities to Google.
“To provide the strongest defence against phishing, Advanced Protection goes beyond traditional 2-Step Verification. You will need to sign into your account with a password and a physical Security Key,” Google wrote in a blog post.
Other authentication factors, like codes sent via SMS or the Google Authenticator app, will no longer work. “This will replace and disable other forms of authentication like SMS and the Google Authenticator app,” the post added.
The advanced protection feature will automatically limit third-party apps from accessing your most sensitive data — your emails and your Drive files. “Third-party apps that want access to Gmail or Drive will no longer have permission. For secure access, you will need to use the Gmail app or Inbox by Gmail,” Google said.
You will only be able to use the Chrome browser to access signed-in services like Gmail or Photos. Apple Mail, Contacts and Calendar apps do not currently support Security Keys and will not be able to access your Google data. Instead, you can use the Gmail, Inbox or Google calendar apps on iOS.
A common way that hackers try to gain access to accounts is by impersonating the users and pretending they have been locked out of their account. To provide users with the strongest safeguards against this type of fraudulent account access, Advanced Protection adds extra steps to verify the identity.
“If you ever lose access to your account and both of your Security Keys, the added verification requirements will take a few days to restore access to your account,” the post said.