Tech giant Google recently rolled out a higher level of security for its accounts, called Advanced Protection. It is focused on users who face a serious and significant possibility of cyber attacks from a high level, such as governments that target human rights workers or journalists. As tech journal Wired wryly notes, it is not a product for an older family member who has been receiving spam for years, but for political operatives and others who might be targeted by the most sophisticated systems going.
Its immediate impetus seems to have been the targeting of Google’s popular Gmail app with phishing and other scams.
Locking Down Security with Universal Second Factors
The move is interesting as a piece of technology news because it marks a move to devices as second-line security rather than digital methods, such as text or phone authentication.
Users of Advanced Protection will need to purchase specific equipment, known as universal second factors (U2F). U2Fs are USB keys for personal computers and Bluetooth dongles. Both operate as physical keys to get into Google accounts, including Gmail, Google drive, and YouTube.
As reviews of the service note, the fact that U2Fs are physical devices operated by the user and because they are inserted into digital devices, U2Fs raise the bar for hackers significantly. It thus makes the possibility of hacking accounts that have Advanced Protection much less likely.
The new security system requires physical Universal Second Factors connected to PCs and mobile devices.
Some Drawbacks for Consumers
Despite the enhanced security, however, the service does have some drawbacks. First, it slows down systems somewhat. Early reports indicate that the sending of files might be delayed by as much as a minute as the souped-up malware scanner associated with the devices does its job. Second, it can currently only be run on Chrome, Google’s browser. Third, Google has barred any other app from accessing its apps, so popular universal e-mail applications like Thunderbird are no longer compatible with Gmail.
Another potential drawback is that a backup plan in case of loss is not going to be easy. Now, of course, replacing a lost or forgotten password is simple, and accomplished in a few clicks. But losing the devices and passwords associated with Advanced Protection is going to involve locking the account for a (currently unspecified) time while the user proves identity through other methods.
It also, of course, costs more than current security methods. Passwords and two-step authentication is free. Advanced Protection is free to sign up, but requires purchases of the devices. These will cost, Wired estimates, about $50.00 for one device to protect a personal computer and one to protect a mobile device. The cost may be prohibitive for some organizations and needs to be balanced with their business strategy.
Initial reports on the service focused on the consumer disadvantages in purchasing the U2Fs and the restrictions on browser and e-mail app choice. Popular press dicta is that consumers will choose ease and convenience over any more cumbersome method.
Yet it’s also interesting to speculate that, as cyber breaches become both more common and more comprehensive, consumers might opt for a system that promises firm protection. As the availability of Advanced Protection is only a few weeks old, data on the ground is still scant. Stay tuned.