Google plans on offering a new security program that will
offer high-profile executives an upgrade from the standard protections on Gmail
and Google Drive. The new service, called the Advanced Protection Program, will
use physical USB security keys that add protection beyond two-part email
authentication. It will also restrict the third-party apps and services that
can connect to a Google account.
While not fool-proof and, as of now, limited to Google
services, the technology may migrate someday. For now, it will work to limit
the types of damage seen on high-profile hacks to Google accounts. Many major
hacks involve companies whose networks were believed to be initially penetrated
by email, with executives downloading malware attachments that spread
throughout their contacts.
Bloomberg News first reported the changes, which target
“corporate executives, politicians and others with heightened security
concerns.” The news service said that
the hack of Hillary Clinton campaign chair John Podesta’s Gmail account
prompted Google to look into improving security. Google has declined comment.
It is expected to announce the program next month.
The new physical security keys will require users to keep
them plugged in to their systems to access the additional security controls.
Many Hollywood executives are still using plain-text
passwords on Google and non-Google systems, making hacking somewhat easier.
Once hackers have compromised one email address, they can then move laterally
among contacts and spread malicious code among trusted accounts.
