Google’s Advanced Protection Program Offers Security Options For High-Risk Users
Security is not a one-size-fits-all proposition, and features that are prohibitively inconvenient for some could be critical for others. For most users, standard account security settings options are sufficient protection against common threats. But for the small minority of users who might be targeted individually—like journalists, policy makers, campaign staff, activists, people with abusive exes, or victims of stalking—standard security options won’t cut it.
For those users, Google recently added the option to add stronger protections to personal Google accounts with the Advanced Protection Program. Advanced Protection is a big step in the right direction to provide different levels of protection for different people, and other companies and platforms should follow suit.
An account with Advanced Protection turned on will change in three main ways. First, when you sign in, you’ll need to use a physical security key in addition to your password. Advanced Protection also requires you to have a second back-up key on hand. Second, you’ll only be able to use Gmail and other Google services on the Chrome browser, and third-party apps won’t be able to access your Gmail or Google Drive. And third, if you ever get locked out of your account, regaining access will take more time and require more types of identity verification. Respectively, these measures protect against phishing, malicious apps that try to trick you into granting them excessive permissions, and attackers who try to use the account recovery process to take over your account.
This adds up to the best option available to individuals who want to give their personal Google accounts the highest level of security without needing technical expertise or deep pockets.
Of course, Advanced Protection comes with significant trade-offs and limitations. Starting to use Advanced Protection requires two security keys and some set-up time. For people not used to carrying around and keeping track of security keys, that can pose an inconvenience when signing in. And once signed in, users who rely on non-Google apps or clients to use their Gmail or Google Calendar will lose some of that functionality. This is especially the case for Mac and iPhone users: since native Apple applications do not currently support two-factor authentication with security keys, iOS users will have to take arduous extra steps to make sure their apps and contacts are set up. Finally, if you ever lose your security keys or forget your password, the lengthy account recovery process will lock you out of your account for days. Expect the specifics to change, however, as Google updates the program’s protections and functionality going forward.
By definition, Advanced Protection won’t be for everyone. Using it means accepting more inconvenience in exchange for higher security. But if an account breach could threaten your reputation, career, or even your life, it is an option worth considering. If you turn on Advanced Protection on and it turns out to not be the right fit, it can be turned off at any time.