Google removes enrollment barrier for prospective Advanced Protection Program users


Google has removed a potential obstacle for high-risk users who want to enroll in the company’s Advanced Protection Program (APP): they can now do it just by setting a passkey.

Users already enrolled in APP have been provided the option to add passkeys to their account a year ago. However, until now, new users were required to have two physical security keys (or one physical key and their Android or iOS device) to enroll in the first place.

“This removes that barrier without removing the security bar we have set for APP users,” the program’s Product Lead Shuvo Chatterjee told Help Net Security.

What is the Advanced Protection Program?

Google’s Advanced Protection Program was launched in late 2017 with the express intention of providing additional security for users who are more likely to be hit with targeted attacks: journalists, human rights activitists and workers, political campaign staff, people in abusive relationships, IT admins, employees in regulated or high-risk verticals, etc.

“Advanced Protection Program (APP) is our strongest level of Google Account security and provides extra safeguards against common attacks like phishing, malware and fraudulent access to data,” Chatterjee explained.

Throughout the years, Google has been adding to these defenses by implementing non-negotiable security features such as blocking the installation of most apps from third-party app stores, switching on (and mandating) the use of Google Play Protect, providing a “risky files” scanning feature, and so on.

Google APP enrollment, now with a passkey

This latest change is meant to make it easier and possible for more users to enroll into APP.

“We’ve seen the global struggles of people wanting an extra layer of protection but unable to enroll for various reasons, including not having access (physically, financially, etc.) to security keys. We’re always streamlining our offerings and will continue to hear and apply the feedback directly from our users,” Chatterjee explained.

Passkeys – a more secure and phishing-resistant alternative to traditional passwords – rely on a fingerprint, face scan or a PIN, and are stored on users’ devices. They are more convenient to use that passwords, and can also be stored in password managers.

In addition to this, Google has announced that it’s partnering with Internews, a nonprofit organization that supports independent media in countries arount the world, to help train journalists on Google’s tools (including APP and Project Shield) and provide security keys at no cost.

“Passkey coming to APP is particularly important to journalists and human rights activists that Internews supports, such as those in war zones,” Chatterjee added.



Source link