You keep a lot of sensitive information in your Google account — bank account balances, email addresses and phone numbers, pictures of your face, your friends’ faces, your family. If you want to protect that sensitive data with the highest level of security you can get, you’ll want to take a look at the Google Advanced Protection Program. Google’s program makes it practically impossible for anyone other than you to access your Gmail, Google Drive, Google Photos or other Google services. Google claims it offers the strongest consumer-grade security available.
You have a right to be concerned — data breaches have become so commonplace that CNET now keeps a running tally. Just last month, hackers rang up thousands of dollars’ worth of Facebook ads on unsuspecting users’ credit cards. Meanwhile, one of the biggest players in the virtual private network space, NordVPN, reluctantly admitted to a massive breach after a security researcher blew the whistle on Twitter.
Whether you’re ready to add maximum safeguards to your Google account, or you’re just curious how Google’s high-security program works, here’s everything you need to know about the Google Advanced Protection Program and how it can protect your data.
How the program protects your account
The Google Advanced Protection Program protects your personal information by requiring a physical security key, similar to the kind of dongle you use to start a car with keyless ignition. You don’t need to plug it into your phone, laptop or desktop, but you do need to keep it nearby whenever you access your Google account, like on a keychain or in your pocket.
The Google Store sells a set of Titan security keys for $50, but there are other options as well.
One of the common denominators among most data breaches is that attacks are carried out remotely, over the Internet. That’s why physical security keys, much like the ones Google uses or those that Microsoft customers can now use to unlock their Windows machines, are such an effective defense against online hackers. Even if a scammer did steal your username and password, they still couldn’t get into your account without that physical key.
Same goes for anyone who might surreptitiously steal your password — nosy coworkers, a suspicious spouse. Without that key, your Google account is practically impenetrable.
There are, however, some trade-offs
Once you're enrolled in the Google Advanced Protection Program, Google services are going to be a little harder to access, both for you and for most third-party apps that tap into your YouTube, Gmail, Google Drive or other areas of your Google account in order to work.
All Google apps will still function, as will a select few non-Google apps like Apple’s Mail, Calendar and Contact apps for iOS, as well as Mozilla’s Thunderbird email client. Travel tracking apps, or apps that aggregate your online purchases by scanning your Gmail for receipts, however, will mostly no longer work. Also, any Google services accessed via mobile or desktop browser will now only work with Chrome or Firefox.
In addition to these hurdles, if you do happen to lose both your security key and your backup key, the process for regaining access to your Google account will take several days, as Google will go through extra steps to verify your identity before unlocking it. That’s because sometimes hackers contact companies like Google pretending to be you in the hopes of having your password reset and hijacking your account.
There’s a one-time cost to set it up, but no monthly fee
The first thing you’ll need to do is purchase two physical security keys — even though you’ll only need one at a time to access your account, Google wants to be sure you have a backup in case you lose it. Google sells the Titan Security Key Bundle at the Google Store for $50.
The two included keys run on Google-engineered firmware, and thanks to a recent hardware update, the Titan USB key now fits USB-C ports like those on all , including the , as well as many and . It also comes with adapters so you can use it with USB-A and Micro-USB ports as well.
For most people, the Titan set will work just fine, but if you insist on choosing your own keyset, either to save money or because you prefer another manufacturer, look for a key fob that works with FIDO Universal 2nd Factor (U2F), aka FIDO2. YubiKey is a popular alternative. They sell compatible keys that cost between $20 and $70 each, which you can order directly from the YubiKey website.
Compatible keys also are available from a variety of online retailers for anywhere from about $7 to over $40. Certain Android phones also come equipped with a compatible Bluetooth security key. Google recommends having one Bluetooth fob as your primary key and one USB key as a backup.
Register your keys and enroll in the program
Once you’ve got the key situation sorted out, head back over to your Google account to register the keys and enroll in the program. Note that from here on out you’ll have to use either Chrome or Firefox — you won’t be able to access your Gmail, Google Docs or other Google services with Safari, Internet Explorer or other browsers.
While you’re in your account settings, it might be a good idea to also set up some additional ways Google can verify it’s you. This will both strengthen your account’s security and make it easier to get back in if you ever lose both your security keys.
It works with G-Suite accounts, too
Many schools, universities and employers use Google’s enterprise G-Suite software package to provide email addresses, cloud storage and other features and benefits to students, instructors and employees. Google just began supporting G-Suite customers last summer; however, you may have to contact your supervisor or system administrator to have the option turned on.
Google’s Advanced Protection Program continues to evolve
G-Suite compatibility isn’t the only new improvement to the Advanced Protection Program, as Google recently broadened the program’s scope to also include. This is a welcome feature, as .
Although it may seem ironic to trust your security to Google as well as , the other side of that coin is that than any other tech company, so if anyone’s going to keep an eye on your digital security, it might as well be Google.
Originally published earlier this month.