For example, Google suggests purchasing a Yubico FIDO U2F security key and a Feitian MultiPass FIDO security key. Once you have two U2F keys approved by the FIDO Alliance, you can turn on Advanced Protection.
Once Advanced Protection is on, your Google life will change. 2FA verification codes sent to your phone and the Google Authenticator app will no longer grant access to your account. If you accidentally fall for a phishing scam and enter your password, the attacker or social engineer can’t get into your account without the U2F keys.
If an attacker tries impersonation and uses the "forgot password" route, there are added steps for an Advanced Protection user to verify his or her identity. Google doesn’t specify what those extra steps will be other than "additional reviews and requests for more details about why you’ve lost access to your account."
Furthermore, "if you ever lose access to your account and both of your Security Keys, these added verification requirements will take a few days to restore access to your account."
Additionally, to prevent third-party malicious apps from gaining access your account, Google will automatically limit access to your Gmail and Drive to specific apps — especially its own for now. If you want to access your Gmail, then you have to use Chrome or the Gmail app. You will also have to use Chrome if you want to access your Photos or other signed-in Google services.
Personalized Google Security Checkup
To celebrate Cybersecurity Awareness Month, Google said it intends to launch a series of security announcements this week.
Yesterday, Google announced the launch of its revamped Security Checkup, which provides "personalized guidance to help you improve the security of your account." Hopefully, you will see a green check mark next to each item in the list. If not, then you need to take care of the items marked with yellow or red exclamation points. The new and improved Security Checkup will evolve as new threats arise.
Google is also testing new predictive phishing protections in Chrome. If you input your Google password into a suspected phishing site, you might see a warning that states something similar like this: "This site may have just stolen your password."
The company added, "We plan to expand predictive phishing protection to all other passwords you’ve saved in Chrome’s password manager, and [we plan to] enable other apps and browsers that use Safe Browsing technology, like Safari, Firefox and Snapchat, to use it as well." (Mrs. Smith, csonline.com)
