After an intense election embroiled in cyber-security scandals, Google recently implemented the Advanced Protection Program for high-end users who have a high risk of targeted online attacks. These high-end users will include, but are not limited to, government officials, campaign staff members, and journalists who need to protect the confidentiality of their sources.
This new security program will focus on three core defenses:
1. Phishing, the fraudulent practice of sending emails under reputable company names in order to obtain sensitive information such as passwords and credit card numbers from individuals.
To combat this, Advance Protection will require users to use security keys in order to sign in to their accounts. These keys are akin to small USB devices that contain digital signatures and will be used alongside a password. Even if someone gets a hold of the password, the account cannot be accessed without the physical security key.
2. Accidental Sharing, occurs when one unknowingly grants malicious applications access to their Google data.
The Advanced Protection Program will limit access of Gmail and Google Drive to specific Google-based applications.
3. Fraudulent Account Access, where hackers impersonate the account holder in order to access personal and sensitive user information.
In order to rectify this from happening, Google will include additional steps during the account recovery process, which will include additional reviews and requests for detail on why the user has lost access to the account.
While the program is currently only available for government officials and political users, Google has stated that the program could possibly extend to people in the Witness Protection Program, civil society activists, and those who are simply seeking safety such as individuals involved in abusive relationships.