Lock down your Gmail account like it’s Fort Knox: Google Advanced Protection Program – CNET


Google’s Titan Security Key, which works with the Google Advanced Protection Program, is available on the Google Store in a set of two for $50.

Sarah Tew/CNET

You keep a lot of sensitive information in your Google account — bank account balances, email addresses and phone numbers, pictures of your face, your friends’ faces, your family. If you want to protect that sensitive data with the highest level of security you can get, you’ll want to take a look at the Google Advanced Protection Program. Google’s program makes it practically impossible for anyone other than you to access your Gmail, Google Drive, Google Photos or other Google services. Google claims it offers the strongest consumer-grade security available.

You have a right to be concerned — data breaches have become so commonplace that CNET now keeps a running tally. Just last month, hackers rang up thousands of dollars’ worth of Facebook ads on unsuspecting users’ credit cards. Meanwhile, one of the biggest players in the virtual private network space, NordVPN, reluctantly admitted to a massive breach after a security researcher blew the whistle on Twitter.

Whether you’re ready to add maximum safeguards to your Google account, or you’re just curious how Google’s high-security program works, here’s everything you need to know about the Google Advanced Protection Program and how it can protect your data.


Now playing:
Watch this:

Android devices can now be security keys, YouTube TV…


How the program protects your account

Google Titan security key

The Google Titan USB-C security key is meant to be kept as a backup, in case your Bluetooth key is ever lost or quits working.


The Google Advanced Protection Program protects your personal information by requiring a physical security key, similar to the kind of dongle you use to start a car with keyless ignition. You don’t need to plug it into your phone, laptop or desktop, but you do need to keep it nearby whenever you access your Google account, like on a keychain or in your pocket. 

The Google Store sells a set of Titan security keys for $50, but there are other options as well.

One of the common denominators among most data breaches is that attacks are carried out remotely, over the Internet. That’s why physical security keys, much like the ones Google user or those that Microsoft customers can now use to unlock their Windows machines, are such an effective defense against online hackers. Even if a scammer did steal your username and password, they still couldn’t get into your account without that physical key. 

Same goes for anyone who might surreptitiously steal your password — nosy coworkers, a suspicious spouse. Without that key, your Google account is practically impenetrable.

There are, however, some trade-offs

Once enrolled in the Google Advanced Protection Program, Google services are going to be a little harder to access, for both you as well as most third-party apps that tap into your YouTube, Gmail, Google Drive or other areas of your Google account in order to work. 

Google security key

YubiKey also makes security keys such as this one that are compatible with the Google Advanced Protection Program.

Josh Miller/CNET

All Google apps will still function, as will a select few non-Google apps like Apple’s Mail, Calendar and Contact apps for iOS, as well as Mozilla’s Thunderbird email client. Travel tracking apps, or apps that aggregate your online purchases by scanning your Gmail for receipts, however, will mostly no longer work. Also, any Google services accessed via mobile or desktop browser will now only work with Chrome or Firefox.

In addition to these hurdles, if you do happen to lose both your security key and your backup key, the process for regaining access to your Google account will take several days, as Google will go through extra steps to verify your identity before unlocking it. That’s because sometimes hackers contact companies like Google pretending to be you in the hopes of having your password reset and hijacking your account.

There’s a one-time cost to set it up, but no monthly fee

The first thing you’ll need to do is purchase two physical security keys — even though you’ll only need one at a time to access your account, Google wants to be sure you have a backup in case you lose it. Google sells the Titan Security Key Bundle at the Google Store for $50. 


The Titan Security Key comes in both a USB and Bluetooth version.

Sarah Tew/CNET

The two included keys run on Google-engineered firmware, and thanks to a recent hardware update, the Titan USB key now fits USB-C ports like those on all modern-day MacBooks, including the new 16-inch MacBook pro unveiled Nov. 13, as well as many Windows machines and Chromebooks. It also comes with adapters so you can use it with USB-A and Micro-USB ports as well.

For most people, the Titan set will work just fine, but if you insist on choosing your own keyset, either to save money or because you prefer another manufacturer, look for a key fob that works with FIDO Universal 2nd Factor (U2F), aka FIDO2. YubiKey is a popular alternative. They sell compatible keys that cost between $20 to $70 each, which you can order directly from the YubiKey website.

Compatible keys also are available from a variety of online retailers for anywhere from about $7 to over $40. Certain Android phones also come equipped with a compatible Bluetooth security key. Google recommends having one Bluetooth fob as your primary key and one USB key as a backup.


You’ll need to connect either a Bluetooth or USB security key to your computer in order to log into Google services under the Advanced Protection Program.

Sarah Tew/CNET

Register your keys and enroll in the program

Once you’ve got the key situation sorted out, head back over to your Google account to register the keys and enroll in the program. Note that from here on out you’ll have to use either Chrome or Firefox — you won’t be able to access your Gmail, Google Docs or other Google services with Safari, Internet Explorer or other browsers.

While you’re in your account settings, it might be a good idea to also set up some additional ways Google can verify it’s you. This will both strengthen your account’s security as well as make it easier to get back in if you ever lose both your security keys.

It works with G-Suite accounts, too

Many schools, universities and employers use Google’s enterprise G-Suite software package to provide email addresses, cloud storage and other features and benefits to students, instructors and employees. Google just began supporting G-Suite customers last summer, however, you may have to contact your supervisor or system administrator to have the option turned on.


Google’s Advanced Protection Program was specifically for Gmail accounts. Now it’ll help protect people when they’re using Google Chrome.

Angela Lang/CNET

Google’s Advanced Protection Program continues to evolve

G-Suite compatibility isn’t the only new improvement to the Advanced Protection Program, as Google recently broadened the program’s scope to also include protecting people from viruses aimed at Chrome. This is a welcome feature, as Chrome already has a pretty bad reputation when it comes to protecting your privacy

Although it may seem ironic to trust your security to Google after the company recently got busted feeding users’ personal data to advertisers as well as collecting health information on millions of Americans without their consent, the other side of that coin is that Google probably knows you better than any other tech company, so if anyone’s going to keep an eye on your digital security, it might as well be Google.

Originally published earlier this month.


READ  Russia's latest 'wonder weapon' is more propaganda than power | TheHill - The Hill


Please enter your comment!
Please enter your name here