© Provided by CBS Interactive Inc. Google's Titan Security Key, which works with the Google Advanced Protection Program, is available on the Google Store in a set of two for $50. Sarah Tew/CNET |
You store a ton of personal information in your Google account -- bank account balances, email addresses and phone numbers, pictures of your face, your friends' faces, your family. If you want to protect that sensitive data with the highest level of security you can get, consider the Google Advanced Protection Program. Google's program makes it nearly impossible for anyone other than you to access your Gmail , Google Drive , Google Photos or other Google services. Best of all, thanks to a recent update, adding what Google claims is the strongest level of consumer-grade security to your Google account just got a bit easier.
© CNET James Martin/CNET |
You have a reason to be concerned about your private information -- companies reported a staggering 5,183 data breaches in 2019 alone. And even though you may not be as high-profile of a target at Jeff Bezos, it's not particularly reassuring that even the CEO of one of the biggest tech companies on earth isn't impervious to getting his phone hacked. Sometimes even the effort to make your passwords as strong as possible isn't enough.
Whether you're ready to add maximum safeguards to your Google account, or you're just curious how Google's high-security program works, here's everything you need to know about the Google Advanced Protection Program and how it can protect your data.
Whether you're ready to add maximum safeguards to your Google account, or you're just curious how Google's high-security program works, here's everything you need to know about the Google Advanced Protection Program and how it can protect your data.
How the program protects your account
© Provided by CBS Interactive Inc. The Google Titan USB-C security key is meant to be kept as a backup, in case your Bluetooth key is ever lost or quits working. Google |
The Google Store sells a set of Titan security keys for $50, but you have others options, including a new app available for Android and iOS that seamlessly turns your mobile device into a security key.
One of the common denominators among most data breaches is that attacks are carried out remotely, over the Internet. That's why physical security keys, much like the ones Google user or those that Microsoft customers can now use to unlock their Windows machines, are such an effective defense against online hackers. Even if a scammer did steal your username and password, they still couldn't get into your account without that physical key.
Same goes for anyone who might surreptitiously steal your password -- nosy coworkers, a suspicious spouse. Without that key, your Google account is practically impenetrable.
There are, however, some trade-offs
Once enrolled in the Google Advanced Protection Program, Google services are going to be a little harder to access, for both you as well as most third-party apps that tap into your YouTube, Gmail, Google Drive or other areas of your Google account to work.
Google apps will still function, as will a select few non-Google apps like Apple's Mail, Calendar and Contact apps for iOS , as well as Mozilla's Thunderbird email client. Travel tracking apps, or apps that aggregate your online purchases by scanning your Gmail for receipts, however, will mostly no longer work. Also, any Google services accessed via mobile or desktop browser will now only work with Chrome or Firefox.
In addition to these hurdles, if you do happen to lose both your security key and your backup key, the process for regaining access to your Google account will take several days, as Google will go through extra steps to verify your identity before unlocking it. That's because sometimes hackers contact companies like Google pretending to be you in the hopes of having your password reset and hijacking your account.
© Provided by CBS Interactive Inc. YubiKey also makes security keys such as this one that are compatible with the Google Advanced Protection Program. Josh Miller/CNET |
In addition to these hurdles, if you do happen to lose both your security key and your backup key, the process for regaining access to your Google account will take several days, as Google will go through extra steps to verify your identity before unlocking it. That's because sometimes hackers contact companies like Google pretending to be you in the hopes of having your password reset and hijacking your account.
Key fobs will cost you, but there's no monthly fee
The first thing you'll need to do is set up two security keys -- even though you'll only need one at a time to access your account, Google wants to be sure you have a backup in case you lose it. You can use your smartphone or tablet as keys so long as they have Bluetooth, but Google also sells the Titan Security Key Bundle at the Google Store for $50 if you'd prefer to use something other than devices you currently own.
Titan security keys run on Google-engineered firmware, and thanks to a recent hardware update, the Titan USB key now fits USB-C ports like those on all modern-day MacBooks, including the recent 16-inch MacBook Pro, as well as many Windows machines and Chromebooks. It also comes with adapters so you can use it with USB-A and Micro-USB ports as well.
For most people, the Titan set will work just fine, but if you insist on choosing your own keyset, either to save money or because you prefer another manufacturer, look for a key fob that works with FIDO Universal 2nd Factor (U2F), aka FIDO2. YubiKey is a popular alternative. They sell compatible keys that cost between $20 to $70 each, which you can order directly from the YubiKey website. Compatible keys also are available from a variety of online retailers for anywhere from about $7 to over $40.
Although Google recommends having one Bluetooth key as your primary and one USB key as a backup, the program allows you to set up both as Bluetooth keys, including using mobile devices, if you'd prefer. If you have an iPhone or iPad, download the Google Smart Lock app to turn your phone or tablet into a security key. Android users, however, don't need to use a separate app to activate their built-in security key, they just need to register it.
© Provided by CBS Interactive Inc. The Titan Security Key comes in both a USB and Bluetooth version. Sarah Tew/CNET |
For most people, the Titan set will work just fine, but if you insist on choosing your own keyset, either to save money or because you prefer another manufacturer, look for a key fob that works with FIDO Universal 2nd Factor (U2F), aka FIDO2. YubiKey is a popular alternative. They sell compatible keys that cost between $20 to $70 each, which you can order directly from the YubiKey website. Compatible keys also are available from a variety of online retailers for anywhere from about $7 to over $40.
Although Google recommends having one Bluetooth key as your primary and one USB key as a backup, the program allows you to set up both as Bluetooth keys, including using mobile devices, if you'd prefer. If you have an iPhone or iPad, download the Google Smart Lock app to turn your phone or tablet into a security key. Android users, however, don't need to use a separate app to activate their built-in security key, they just need to register it.
Register your keys and enroll in the program
© Provided by CBS Interactive Inc. You'll need to connect either a Bluetooth or USB security key to your computer to log into Google services under the Advanced Protection Program. Sarah Tew/CNET |
While you're in your account settings, it might be a good idea to also set up some additional ways Google can verify it's you. This will both strengthen your account's security as well as make it easier to get back in if you ever lose both your security keys.
It works with G-Suite accounts, too
Many schools, universities and employers use Google's enterprise G-Suite software package to provide email addresses, cloud storage and other features and benefits to students, instructors and employees. For the Advanced Protection Program, Google began supporting G-Suite customers last summer, but you may have to contact your supervisor or system administrator to have the option turned on.
Google's Advanced Protection Program continues to evolve
G-Suite compatibility isn't the only new improvement to the Advanced Protection Program, as Google recently broadened the program's scope to also include protecting people from viruses aimed at Chrome. This is a welcome feature, as Chrome already has a pretty bad reputation when it comes to protecting your privacy.
Although it may seem ironic to trust your security to Google after the company recently got busted feeding users' personal data to advertisers as well as collecting health information on millions of Americans without their consent, the other side of that coin is that Google probably knows you better than any other tech company, so if anyone's going to keep an eye on your digital security, it might as well be Google.
Although it may seem ironic to trust your security to Google after the company recently got busted feeding users' personal data to advertisers as well as collecting health information on millions of Americans without their consent, the other side of that coin is that Google probably knows you better than any other tech company, so if anyone's going to keep an eye on your digital security, it might as well be Google.