Google will soon be offering an Advanced Protection Program to lock down the Gmail accounts of high-value targets.
According to Bloomberg, the new Gmail service will block third-party apps from accessing user data and introduce a replacement for two-factor authentication based on Google’s USB Security Key.
Google will begin offering the Advanced Protection Program next month. It will be marketed to “corporate executives, politicians and others with heightened security concerns”.
The service appears to be aimed at raising defenses against sophisticated phishing attacks of the type that led to the Gmail hack of Hillary Clinton’s 2016 campaign chairman, John Podesta, and the breach of the Democratic National Convention’s (DNC) databases.
Bloomberg notes that the service builds on USB Security Key, for which Google introduced software in 2014. Security Key is a physical USB key used in place of a code required for two-step verification.
It’s more secure because an attacker needs physical possession of the key to access an account they have credentials for. The USB key also cryptographically verifies the user is on a legitimate Google site and not a phishing site.
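The origin check described above can be modelled in a few lines. This is an added example, not code from Bloomberg, Google or the original article: the site name, secret, challenge and function names are constructed, and HMAC stands in for the ECDSA signature a real Security Key produces.

```python
import hashlib, hmac, json, struct

REAL_ORIGIN = "https://accounts.example"      # constructed site name (assumption)
SITE_SECRET = b"constructed-per-site-secret"  # HMAC key standing in for a real token's ECDSA key pair

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def signed_body(app_id: str, counter: int, client_data: bytes) -> bytes:
    # U2F signs: application parameter || user presence || counter || challenge parameter
    return sha256(app_id.encode()) + b"\x01" + struct.pack(">I", counter) + sha256(client_data)

class ToySecurityKey:
    def __init__(self):
        self.counter = 0
        self.keys = {sha256(REAL_ORIGIN.encode()): SITE_SECRET}  # registered once, at the real site

    def sign(self, app_id: str, client_data: bytes):
        secret = self.keys.get(sha256(app_id.encode()))
        if secret is None:
            return None  # nothing registered for this site, so nothing to sign with
        self.counter += 1
        mac = hmac.new(secret, signed_body(app_id, self.counter, client_data), hashlib.sha256)
        return self.counter, mac.digest()

def browser_client_data(origin: str, challenge: str) -> bytes:
    # The browser, not the page, records the origin it is actually displaying.
    return json.dumps({"typ": "navigator.id.getAssertion",
                       "challenge": challenge, "origin": origin}).encode()

def server_verify(challenge: str, client_data: bytes, counter: int, sig: bytes) -> bool:
    data = json.loads(client_data)
    if data.get("origin") != REAL_ORIGIN or data.get("challenge") != challenge:
        return False  # signed for some other site or some other login
    expected = hmac.new(SITE_SECRET, signed_body(REAL_ORIGIN, counter, client_data), hashlib.sha256)
    return hmac.compare_digest(sig, expected.digest())

def login_attempt(visited_origin: str, requested_app_id: str) -> str:
    challenge = "Y29uc3RydWN0ZWQtY2hhbGxlbmdl"  # constructed server challenge
    client_data = browser_client_data(visited_origin, challenge)
    result = ToySecurityKey().sign(requested_app_id, client_data)
    if result is None:
        return "no key for this site"
    return "accepted" if server_verify(challenge, client_data, *result) else "rejected by server"

if __name__ == "__main__":
    lookalike = "https://login.phish.test"  # constructed look-alike origin
    for visited, app_id in [(REAL_ORIGIN, REAL_ORIGIN), (lookalike, lookalike), (lookalike, REAL_ORIGIN)]:
        print(visited, app_id, "->", login_attempt(visited, app_id))
```

Only the login made at the real origin is accepted. In real browsers the third case is stopped even earlier, because the browser refuses an app ID that does not belong to the page's origin.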
G Suite admins can require their users to use the USB key for login. The Advanced Protection Program will require two keys to use the service, according to Bloomberg.
Gmail accounts in the Advanced Protection Program will also prevent third-party apps from accessing data, Bloomberg notes. This measure appears to be aimed at preventing third-party apps from using OAuth to access Google apps.