Google is creating an even more secure login process for users at high risk of online attacks. The new Advanced Protection feature focuses on defending against phishing, accidental sharing, and fraudulent access to accounts. The feature has been introduced for users such as journalists who need to protect their sources, or campaign staffers during an election.
The program will use Security Keys, which are small USB or wireless devices required to sign into accounts. Google says they’re the most secure version of two-step verification; they use public key cryptography and digital signatures to confirm a person’s identity. Security keys can be fiddly, so Google says they’re for users who don’t mind carrying them around, using the Chrome browser on desktop, and using Google apps, as the key won’t work with the iPhone’s mail, calendar, and contact apps.
Users who are part of Advanced Protection will also have extra steps put in place during the account recovery process, which will include additional reviews and requests about why a user has lost access to their account. The feature also automatically limits full access to Gmail and Google Drive for specific apps.
Google said earlier this year that it planned to upgrade its two-factor authentication tool after several high-profile hacks, including to Clinton campaign chairman John Podesta’s Gmail account in 2016. Google says it will continually update the security of accounts that are signed up for the program. The feature is available to anyone with a regular account.