Google plans on offering a new security program that will offer high-profile executives an upgrade from the standard protections on Gmail and Google Drive. The new service, called the Advanced Protection Program, will use physical USB security keys that add protection beyond two-part email authentication. It will also restrict the third-party apps and services that can connect to a Google account.
While not fool-proof and, as of now, limited to Google services, the technology may migrate someday. For now, it will work to limit the types of damage seen on high-profile hacks to Google accounts. Many major hacks involve companies whose networks were believed to be initially penetrated by email, with executives downloading malware attachments that spread throughout their contacts.
Bloomberg News first reported the changes, which target “corporate executives, politicians and others with heightened security concerns.” The news service said that the hack of Hillary Clinton campaign chair John Podesta’s Gmail account prompted Google to look into improving security. Google has declined comment. It is expected to announce the program next month.
The new physical security keys will require users to keep them plugged in to their systems to access the additional security controls.
Many Hollywood executives are still using plain-text passwords on Google and non-Google systems, making hacking somewhat easier. Once hackers have compromised one email address, they can then move laterally among contacts and spread malicious code among trusted accounts.