After 2016 Clinton Email Hacks, Google Reconsiders Security for High-Profile Accounts
In the wake of politically motivated cyberattacks and sophisticated, state-sponsored hackers targeting politicians worldwide, Google is proposing a better, stronger, and old-school security solution for a select few. The company is working on new security tools, including one that will potentially replace two-factor authentication. Especially designed for high-profile corporate executives and politicians, Google's reported "Advanced Protection Program" will offer a number of additional features to these accounts, including physical security keys.
"Over the past year, Google has refurbished its account security systems several times," Bloomberg reported these new security features citing two people familiar with the company's plans. "The upgrades come as the company pitches its Gmail and document apps to business clients."
Google's Advanced Protection Program could replace 2FA
Bloomberg reports that the new program would "effectively replace the need to use two-factor authentication to protect accounts with a pair of physical security keys." This is an important feature, but not the first time that Google will be marketing it. The device was first introduced in 2014 as a measure to improve security measures.
This new key under the Advanced Protection Program will be a second one required during the logging process. "When plugged into computers, the key lets users create more robust security measures for accounts on Gmail and other Google sites," the publication adds. "The new service will continue to require a physical USB key in addition to a second physical key for greater protection."
Recent hacks, especially the security flaws in SS7 protocol, have made breaking two-factor authentication extremely easily. Users are also unwittingly tricked into delivering their codes using social engineering techniques. With a physical key - that has been introduced by various third-party password managers, as well - select Google accounts would only be unlocked by someone who has both the password and the physical keys available.
In an effort to help those who are being specifically targeted by criminals online, Google's new security tools will also include a service that will block third-party applications from accessing any data. While Bloomberg's report notes the hack of Gmail account of John Podesta, Hillary Clinton’s 2016 Presidential election campaign chairman, cybersecurity and targeted hacks continue to be one of the biggest concerns for the governments worldwide.
Google will be updating this program on an ongoing basis to continue protecting user data and account security for those under this Advanced Protection Program. The service will reportedly launch later this month and will be available to individuals with "heightened security concerns." It is unclear at the moment if the company will offer the enhanced security protections to normal Google users, as well.
- We have reached out to Google for a comment on this report and will update this space accordingly.