Google today announced a new set of measures called “Advanced Protection,” meant to lock down users’ accounts extremely tightly against would-be intruders on Gmail, Google Drive, YouTube, or any other Google-owned service.
It’s a feature meant for high-profile targets who may already face attacks, like journalists, high-placed government and military officials, or the extremely wealthy, and comes in the wake of several breaches of Gmail services in the recent past.
“Advanced Protection” hinges on two basic ideas. One is that the user will need a physical way of identifying themselves to their devices at all times. On computers, this means a USB security key; for phones, this means a Bluetooth dongle. The other is that if you forget your password or log-in information, Google will, per Wired, put you through “an account recovery process […] far more stringent and labor-intensive than the one used for normal users when they click ‘forgot password?’” This includes a cooling-off period while users provide other forms of identification.
The mode will also prevent third-party apps from hooking into Gmail or Google Drive, and offer a much more stringent scan for malware than is normally provided, including holding back the download of attachments for 60 seconds while every incoming file is scanned.
It will require users to buy both a USB key and a Bluetooth dongle, each usually costing around $20 or $25, and will no doubt lead to someone with a lot of responsibility, power, or money (or all three) getting locked out of their email for a nontrivial amount of time. But the added security may be worth it. The two-factor authentication that many of us rely on to keep our accounts safe is too vulnerable to savvy attackers, particularly the state-sponsored hacking teams that have been popping up in recent years.
This system likely would have prevented the spear-phishing attack against John Podesta that leaked thousands of DNC emails last summer, because even after Podesta gave up his username and password, the attackers still wouldn’t have had Podesta’s physical USB key to log in to his email account.
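To show why a physical key defeats this kind of attack, here is an added example (not code from the article or from Google) that models a FIDO U2F-style security key in Go: the key signs a per-login challenge together with the origin the browser actually saw, so a stolen password alone yields no valid assertion, and even a real-time relay from a look-alike page fails verification. The service name, origins and challenge are constructed for the demo, and a minimal "origin || challenge" hash stands in for the real U2F signing format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Authenticator models the physical key: one private key per relying party ID (rpID); it never leaves the device.
type Authenticator struct{ creds map[string]*ecdsa.PrivateKey }
// assertionHash binds the signature to the origin the browser actually saw, not to what the page claims.
func assertionHash(origin string, challenge []byte) []byte {
	h := sha256.Sum256(append([]byte(origin+"\x00"), challenge...))
	return h[:]
}

// Sign is what the key does when the browser forwards a login challenge to it.
func (a *Authenticator) Sign(rpID, origin string, challenge []byte) []byte {
	priv, ok := a.creds[rpID]
	if !ok {
		return nil // no credential for this service: the key stays silent
	}
	sig, _ := ecdsa.SignASN1(rand.Reader, priv, assertionHash(origin, challenge))
	return sig
}

// Verify is the service's check after the password: the assertion must verify against the origin the service expects.
func Verify(pub *ecdsa.PublicKey, expectedOrigin string, challenge, sig []byte) bool {
	return sig != nil && ecdsa.VerifyASN1(pub, assertionHash(expectedOrigin, challenge), sig)
}

// Scenarios returns (legitimate login, phished-and-relayed assertion, password only).
func Scenarios() (legit, phished, passwordOnly bool) {
	const rpID, real, fake = "accounts.example", "https://accounts.example", "https://accounts-example.net"
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // generated once, at enrolment
	key := &Authenticator{creds: map[string]*ecdsa.PrivateKey{rpID: priv}}
	challenge := make([]byte, 32) // constructed: the service's per-login nonce
	rand.Read(challenge)
	legit = Verify(&priv.PublicKey, real, challenge, key.Sign(rpID, real, challenge))
	// A look-alike page relays the real challenge, but the browser reports the look-alike
	// origin, so the signature the key produces does not verify at the real service.
	phished = Verify(&priv.PublicKey, real, challenge, key.Sign(rpID, fake, challenge))
	passwordOnly = Verify(&priv.PublicKey, real, challenge, nil)
	return
}
func main() { fmt.Println(Scenarios()) } // prints: true false false
```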
As the Center for Democracy and Technology’s Lorenzo Hall says to Wired, “If John Podesta had been able to turn this on sometime last year, the world might be a very different place.”