An upcoming security feature for Gmail will use two physical security keys to protect executives and other high-value targets from potential cyberattacks, according to a Friday Bloomberg report. The feature, known as Advanced Protection Program, will likely launch next month, the report said.
One of the primary methods of protection employed by the new feature will be to block third-party applications from accessing Gmail account data or Google Drive files, the report said. This could help mitigate the effects of a phishing attack, for example.
The way it works, however, is perhaps the most interesting aspect about it. Instead of relying on multi-factor authentication, like most other security programs today, the service will rely on two separate physical security keys to authenticate the user.
SEE: Information security incident reporting policy (Tech Pro Research)
Back in 2014, Google unveiled software for its USB Security Key functionality, which uses a USB stick to help improve some security methods around two-factor authentication. The new method will use a USB Security Key, along with another physical key to authenticate.
The new method will be specifically targeted toward executives and other key leaders, as they are more likely to be the victim of a politically-motivated or state-sponsored attack, the report said. The report gave the example of Hillary Clinton's 2016 campaign chairman, John Podesta, having his Gmail account hacked.
The feature, if it comes to pass, will be the latest in a string of attempts by Google and parent company Alphabet to strengthen the security of Gmail and the rest of its G Suite of apps. The firm introduced new warnings to fight phishing in late 2016, and added new machine learning-enabled tools to help secure Gmail data in 2017.
The 3 big takeaways for TechRepublic readers
- Advanced Protection Program, a new security tool for Gmail, aims to make executives' and other leaders' emails more secure with the help of two physical security keys.
- The biggest feature of the program is the fact that it blocks third-party apps from accessing data in a Gmail account, or files on a user's Google Drive.
- Google has taken many steps to improve the security of Gmail, including adding machine learning tools and new phishing warnings.
- How to build a successful career in cybersecurity (free PDF) (TechRepublic)
- Most Fortune 500 companies aren't using this basic email security feature (ZDNet)
- Personal vs. corporate email: The security threats differ, says Google (TechRepublic)
- Google's new Gmail security: If you're a high-value target, you'll use physical keys (ZDNet)
- Why email encryption is failing, and how to fix it (TechRepublic)