Google makes Gmail super secure - but not for most users
High-risk groups such as journalists, political leaders and campaigners can protect their account with Advanced Protection
Google has beefed up security for some Gmail users who may need more robust protection against threats.
The Advanced Protection version of Gmail allows businesses at the biggest risk of targeted attacks to secure their mail against phishing and so on with an enhanced security key. This will protect emails and files stored on Drive from being accessed by non-Google services.
Google also said it will also block fraudulent account access with extra steps to verify it's the user trying to use the services rather than an imposter.
"To provide the strongest defense against phishing, Advanced Protection goes beyond traditional 2-Step Verification," the company explained. "You will need to sign into your account with a password and a physical Security Key. Other authentication factors, like codes sent via SMS or the Google Authenticator app, will no longer work."
Users in high-risk groups, such as journalists, business leaders, and political campaign teams that are likely to be hacked or attacked will only be able to access services such as Gmail and Google Photos from the Chrome browser and third-party apps that want to access Drive or other Google-services apps will be blocked.
iOS users won't be able to use Apple Mail, Contacts or Calendar with their Google account anymore, because those services don't support Security Keys. Instead, iPhone and iPad users will ned to download the Gmail, Inbox, or Google calendar apps on iOS.
If an Advanced Protection user ever loses access to their Security Keys, it'll take a lot longer to re-verify their identity -which could be days, Google said.
"A common way that hackers try to gain access to your account is by impersonating you and pretending they have been locked out of your account. To provide you with the strongest safeguards against this type of fraudulent account access, Advanced Protection adds extra steps to verify your identity," Google added.
Anyone wishing to try the new service can buy two security keys - one for a mobile or tablet and one for a computer. They can be bought from Amazon for $25 (19) and $17.99 (14) respectively and then verified with Google before setting up the service.
Four cyber security essentials that your board of directors wants to know
The insights to help you deliver what they needDownload now
Data: A resource much too valuable to leave unprotected
Protect your data to protect your companyDownload now
Improving cyber security for remote working
13 recommendations for security from any locationDownload now
Why CEOS should care about the move to SAP S/4HANA
And how they can accelerate business valueDownload now