Editor’s note: October is Cybersecurity Awareness Month, and we’re celebrating with a series of security announcements this week.
When operating at the scale of Google, we usually strive to build products that serve the needs of billions of people. Today we’re introducing a different kind of product—one that we specifically tailored to protect the online security of a much smaller set of users.
We took this unusual step because there is an overlooked minority of our users that are at particularly high risk of targeted online attacks. For example, these might be campaign staffers preparing for an upcoming election, journalists who need to protect the confidentiality of their sources, or people in abusive relationships seeking safety. Sometimes even the most careful and security-minded users are successfully attacked through phishing scams, especially if those phishing scams were individually targeted at the user in question.
To address this need, we’re introducing the Advanced Protection Program. Advanced Protection provides Google’s strongest security, designed for those who are at an elevated risk of attack and are willing to trade off a bit of convenience for more protection of their personal Google Accounts.
Once you enroll in Advanced Protection, we’ll continually update the security of your account to meet emerging threats—meaning Advanced Protection will always use the strongest defenses that Google has to offer.
At the start, the program focuses on three core defenses.
The strongest defense against phishing: Advanced Protection requires the use of Security Keys to sign into your account. Security Keys are small USB or wireless devices and have long been considered the most secure version of 2-Step Verification, and the best protection against phishing. They use public-key cryptography and digital signatures to prove to Google that it’s really you. An attacker who doesn’t have your Security Key is automatically blocked, even if they have your password.
Protecting your most sensitive data from accidental sharing: Sometimes people inadvertently grant malicious applications access to their Google data.
This article was sourced from Google Blog