Wrapping up Cyber Security month and very close to the 1 year anniversary of the phishing attack on John Podesta’s emails, Google rolls out the Advanced Protection Program “for those who need it the most” – we’re still figuring why they keep iterating that bit. Well nevertheless, you can enroll in it whether or not “you need it the most”. Read on to explore what the new program is all about and how it will save the galaxy.

Ok, it will not save the galaxy. At the onset, this advanced security program uses:

• Small wireless or USB devices (security keys)
• Digital signatures
• Public-key cryptography

Alphabet’s Google Inc has taken up quite a few advancements in the wake of Oct ’17 (Security Checkup, Safe Browsing Real-Time etc.) and APP is one of them. APP uses physical devices such as USBs to work out a Two-Factor Authentication during log-in. So while attempting to sign-in on any new device, you’ll have to enter your password AND use the “key” registered with your account.

The core focus of the program

1. Phishing Defense:The use of physical security keys have been around for decades and are rest assured an extreme safeguard against phishing attacks. This type of 2FA is your best bet against phishing. The keys use public-key cryptography and digital signatures and any attacker would need both, your password AND the physical key to break into your account.

2. Limit data access to trusted apps (read Google apps):Google trusts no third-party apps currently when it comes to your data on Google. It will slowly add more trusted aps to their whitelist but not as of now. Google understands that falling victim to phishing, happens accidentally. With APP it ensures you will not inadvertently grant access to malicious applications.
3. Keeping the hackers out:It is very common for hackers to impersonate you and then try to break into your account using Account Recovery techniques. With APP in place, these hackers will most certainly get locked out. Account recovery can take a few days since extra steps will be put in place. This could be a pain if you’ve legitimately lost access but is well worth it.

APP: Highlights& Know-how

1. You’ll pay for the physical keys/USBs – buy from Amazon.
2. One USB key for desktop and one Bluetooth-LE-enabled key for mobile (around $50 total). The good news here is that Google’s Advanced Protection Program is FREE.
3. The keys that you purchase should be approved by FIDO Alliance.
4. Say goodbye to iOS apps. Not literally but they’re not supported by the key-based authentication program. This could mean some restriction on browsers, cloud-syncing etc. where you depend on third-party apps. You could however use Gmail, Chrome etc. on your iOS devices.
5. SMS codes & Authenticator app will no longer work.
6. Google has a step-by-step guide online for enrolling in this program: https://landing.google.com/advancedprotection/
7. How good are you with keys?I keep losing stuff all the time! As an advancement, there should be an app to help find the keys/USBs if they go missing.
8. Remember, this is somewhat like having a physical lock on your account – a physical key along with a password is the only way.

If you’re looking at tightening the security of your infrastructure, then head over to our contact form here, or call us at  +1-516-717-2049. We’re maven of remote infrastructure management and we’ve helped numerous clients hacker-proof their infrastructure!