If you want serious Google account security, the company’s new Advanced Protection Program is designed to fend off even the sneakiest of hacks.
Although the program is available to all, Google designed it for “high-risk” users such as political campaign staffers, journalists and business leaders who often face targeted email phishing schemes.
To sign up, you’ll have to trade in a little convenience and spend some cash. But in return, you’ll get Google’s strongest security protections and some peace of mind. Here’s a step-by-step guide showing you what to expect.
1. Security keys
Perhaps the biggest change with the Advanced Protection Program is the log-in process. Whenever you sign in on a new device, you’ll type in your password as usual. But then you’ll connect a USB security key that’s been registered to your account.
These security keys generate a unique passcode that Google uses to unlock your account, providing an extra layer of security. So even if a hacker manages to steal your password, they won’t be able to break into your account without the security key. It’s similar to two-factor authentication, but requires the physical keys rather than a text-based code or Authenticator app.
Unfortunately, security keys aren’t free. They usually cost around $20. And to activate Google’s Advanced Protection Program, you’ll need to own two — one of which will serve as a backup.
2. Where do I buy them?
If you don’t already own several security keys, Google has a few suggestions. The company recommends you buy one USB security key with Bluetooth connectivity from Feitian and a standard USB key from Yubico.
Having a USB security key with Bluetooth is important. PCs may be built with USB ports, but smartphones and tablets generally are not. Feitian’s security key can connect to your mobile devices via Bluetooth.
For Android users, Google partnered with Yubico for a special $50 deal that’ll provide both security keys. One is a standard USB key. The other can connect to a mobile device over Near Field Communication (NFC), a technology Android phones and tablets generally support.
The only drawback is that the Yubico key won’t work with iOS devices (although there are rumblings you can use it with the right adapter cord). Regardless, Apple users will probably have to buy Bluetooth-enabled security keys, such as the one from Feitian or the VASCO Digipass SecureClick.
Once you have two security keys, turn on the Advanced Protection Program. It’ll ask you to log in to your Google account, and you’ll be taken to a page where you can register both security keys.
The process is straightforward. If you’re on a laptop, insert your security key into a USB port. If there’s a button on the key, tap it. Google should quickly recognize the key and then register it with your account.
You can also turn on the program over your smartphone with security keys that have Bluetooth or NFC.
An important note for iOS users: You’ll have to download an additional app to your device called Google Smart Lock in order to pair your Bluetooth-enabled security key with your Google account. It’ll walk you through how to register your accounts. Google has also posted instructions on how to use the app.
When both keys are registered, Google will show you a page explaining the limitations of the Advanced Protection Program.
Among the changes is that all third-party apps, including Apple Mail, will be barred from accessing your Gmail or Google Drive data. This is designed to stop hackers from using fake apps or extensions to fool you into giving up access. But it may be a dealbreaker for users who rely on third-party software tools to view their email.
Google also warns that account recovery will take a few days in the event you ever lose access. If that happens, be prepared to tell Google information that can verify your identity, along with what happened to your security keys.
5. Protection on
Once the program is activated, get ready to start using your security key again. As a precaution, Google will log you out from all other devices that were signed into your Google account.
That means you’ll have to sign back in with every device by typing your password, and then using your security key. But you’ll only need the security key for first-time sign-ons.
In your account settings, you can also add or revoke security keys and cut access to any Google sign-ons from other devices. Those options will come in handy if a security key is ever lost, or if your laptop gets stolen. There, you can also quit the Advanced Protection Program. Simply turn it off, and you’ll revert to Google’s default login process.