You store a ton of personal information in your Google account -- bank account balances, email addresses and phone numbers, pictures of your face, your friends' faces, your family. If you want to protect that sensitive data with the highest level of security you can get, consider the Google Advanced Protection Program. Google's program makes it nearly impossible for anyone other than you to access your Gmail, Google Drive, Google Photos or other Google services. Best of all, thanks to a recent update, adding what Google claims is the strongest level of consumer-grade security to your Google account just got a bit easier.
You have a reason to be concerned about your private information -- companies reported a staggering 5,183 data breaches in 2019 alone. And even though you may not be as high-profile of a target at Jeff Bezos, it's not particularly reassuring that even the CEO of one of the biggest tech companies on earth isn't impervious to getting his phone hacked. Sometimes even the effort to make your passwords as strong as possible isn't enough.
Whether you're ready to add maximum safeguards to your Google account, or you're just curious how Google's high-security program works, here's everything you need to know about the Google Advanced Protection Program and how it can protect your data.
How the program protects your account
The Google Advanced Protection Program protects your personal information by requiring a physical security key, similar to the kind of dongle you use to start a car with keyless ignition. You don't need to plug it into your phone, laptop or desktop, but you do need to keep it nearby whenever you access your Google account, like on a keychain or in your pocket.
The Google Store sells a set of Titan security keys for $50, but you have others options, including a new app available for Android and iOS that seamlessly turns your mobile device into a security key.
One of the common denominators among most data breaches is that attacks are carried out remotely, over the Internet. That's why physical security keys, much like the ones Google user or those that Microsoft customers can now use to unlock their Windows machines, are such an effective defense against online hackers. Even if a scammer did steal your username and password, they still couldn't get into your account without that physical key.
Same goes for anyone who might surreptitiously steal your password -- nosy coworkers, a suspicious spouse. Without that key, your Google account is practically impenetrable.
There are, however, some trade-offs
Once enrolled in the Google Advanced Protection Program, Google services are going to be a little harder to access, for both you as well as most third-party apps that tap into your YouTube, Gmail, Google Drive or other areas of your Google account to work.
Google apps will still function, as will a select few non-Google apps like Apple's Mail, Calendar and Contact apps for iOS, as well as Mozilla's Thunderbird email client. Travel tracking apps, or apps that aggregate your online purchases by scanning your Gmail for receipts, however, will mostly no longer work. Also, any Google services accessed via mobile or desktop browser will now only work with Chrome or Firefox.
In addition to these hurdles, if you do happen to lose both your security key and your backup key, the process for regaining access to your Google account will take several days, as Google will go through extra steps to verify your identity before unlocking it. That's because sometimes hackers contact companies like Google pretending to be you in the hopes of having your password reset and hijacking your account.
Key fobs will cost you, but there's no monthly fee
The first thing you'll need to do is set up two security keys -- even though you'll only need one at a time to access your account, Google wants to be sure you have a backup in case you lose it. You can use your smartphone or tablet as keys so long as they have Bluetooth, but Google also sells the Titan Security Key Bundle at the Google Store for $50 if you'd prefer to use something other than devices you currently own.
Titan security keys run on Google-engineered firmware, and thanks to a recent hardware update, the Titan USB key now fits USB-C ports like those on all modern-day MacBooks, including the recent 16-inch MacBook Pro, as well as many Windows machines and Chromebooks. It also comes with adapters so you can use it with USB-A and Micro-USB ports as well.
For most people, the Titan set will work just fine, but if you insist on choosing your own keyset, either to save money or because you prefer another manufacturer, look for a key fob that works with FIDO Universal 2nd Factor (U2F), aka FIDO2. YubiKey is a popular alternative. They sell compatible keys that cost between $20 to $70 each, which you can order directly from the YubiKey website. Compatible keys also are available from a variety of online retailers for anywhere from about $7 to over $40.
Although Google recommends having one Bluetooth key as your primary and one USB key as a backup, the program allows you to set up both as Bluetooth keys, including using mobile devices, if you'd prefer. If you have an iPhone or iPad, download the Google Smart Lock app to turn your phone or tablet into a security key. Android users, however, don't need to use a separate app to activate their built-in security key, they just need to register it.
Register your keys and enroll in the program
Once you've got the key situation sorted out, head back over to your Google account to register the keys and enroll in the program. Note that from here on out you'll have to use either Chrome or Firefox -- you won't be able to access your Gmail, Google Docs or other Google services with Safari, Internet Explorer or other browsers.
While you're in your account settings, it might be a good idea to also set up some additional ways Google can verify it's you. This will both strengthen your account's security as well as make it easier to get back in if you ever lose both your security keys.
It works with G-Suite accounts, too
Many schools, universities and employers use Google's enterprise G-Suite software package to provide email addresses, cloud storage and other features and benefits to students, instructors and employees. For the Advanced Protection Program, Google began supporting G-Suite customers last summer, but you may have to contact your supervisor or system administrator to have the option turned on.
Google's Advanced Protection Program continues to evolve
G-Suite compatibility isn't the only new improvement to the Advanced Protection Program, as Google recently broadened the program's scope to also include protecting people from viruses aimed at Chrome. This is a welcome feature, as Chrome already has a pretty bad reputation when it comes to protecting your privacy.
Although it may seem ironic to trust your security to Google after the company recently got busted feeding users' personal data to advertisers as well as collecting health information on millions of Americans without their consent, the other side of that coin is that Google probably knows you better than any other tech company, so if anyone's going to keep an eye on your digital security, it might as well be Google.
Originally published last year.