I’ve written many times about the importance of enabling 2-factor authentication on your Google accounts (and other accounts, where available) as a basic security measure, e.g. in “Do I really need to bother with Google’s 2-Step Verification system? I don’t need more hassle and my passwords are pretty good” — https://plus.google.com/+LaurenWeinstein/posts/avKcX7QmASi — and in other posts too numerous to list here.
Given this history, I’ve now begun getting queries from readers regarding Google’s newly announced and very important “Advanced Protection Program” (APP) for Google accounts — most queries being variations on “Should I sign up for it?”
The APP description and “getting started” page is at:
https://landing.google.com/advancedprotection/
It’s a well-designed page (apart from the now-usual, atrocious low-contrast Google text font) with lots of good information about the program. It really is a significant increase in security that ordinary users can choose to activate, and yes, it’s free (apart from the cost of the required physical security keys, which are available from a variety of vendors).
But back to that question. Should you actually sign up for APP?
That depends.
For the vast majority of Google users, the answer is probably no: you don’t actually need it, and it imposes additional operational restrictions that you would have to live with.
However, especially for high-profile users who are most likely to be subjected to specifically targeted account attacks, APP is pretty much exactly what you need, and will provide you with a level of account security typically unavailable to most (if any) users at other commercial sites.
Essentially, APP takes Google’s existing 2-factor paradigm and restricts it to only its highest-security components. With conventional 2-Step Verification, USB/Bluetooth security keys are already the most secure option (the key’s response is cryptographically bound to the genuine site’s origin, so a phishing page can’t obtain a usable one, and unlike an SMS code it can’t be intercepted in transit), but other 2-factor options such as SMS text messages (to name just one) remain available alongside them. That gives most users maximum flexibility and minimizes the chance of accidentally locking themselves out of their Google accounts.
APP requires the use of these security keys; the other options are no longer available. If you lose the keys, or can’t use them for some reason, you’ll need to go through a special Google account recovery procedure that can take several days to complete, a deliberately rigorous process meant to ensure that it’s really you trying to regain access to the account.
Enabling APP also places other security-motivated restrictions on your account. For example, third-party apps’ access to your account is significantly restricted, which prevents a range of situations where users might otherwise accidentally grant overly broad permissions to outside apps.
It’s also important to remember that there are situations in which you may be unable to use a security key at all. Public computers (and, ironically, computers in high-security environments) often have disabled USB ports and Bluetooth locked off. For some users these are important considerations.
Cutting to the chase: Google’s standard 2-factor systems are going to be good enough for most users and offer maximum flexibility, provided, of course, that you have actually enabled them, which, yeah, you really should have done by now!
But in special cases for particularly high-profile or otherwise vulnerable Google users, the Advanced Protection Program could be the proverbial godsend that’s exactly what you’ve been hoping for.
As always, feel free to contact me if you have any additional questions about this.
Be seeing you.
–Lauren–
One thing that Google did not comment on is whether the current practice of allowing accounts to be authenticated periodically (e.g. once a month) will continue, or whether you need to authenticate for every session.
It was unfortunate that they made the announcement when the Feitian Bluetooth fob is not available anywhere. People with iOS devices won’t be able to do anything until they are available.
I just checked on this. Unofficially, my G source tells me that you likely can stay logged in pretty much indefinitely in this mode, just as with ordinary user 2SV. So control over your endpoints is important, and of course log out when you don’t have control over them. Once-a-month reauthentication is, I believe, more the norm for Google Apps For Your Domain, for example.
It also seems apparent that the other (main?) reason for having two keys is to minimize the risk of losing one. Google should probably emphasize that having a backup U2F key and keeping it safe (like not on the same keychain at a minimum) will minimize the risk of having to learn all about their new re-authentication process.