How Google’s Advanced Protection Program works

Google has made flash drives to insert on computers and smartphones that will prevent a hacker from stealing our credentials on accounts

Passwords, despite the great danger to our security that they often represent, remain the most common method of access for online accounts. For this reason, Google has decided to reinforce passwords with a new tool: the Advanced Protection Program.

The purpose of this new Mountain View feature is to make it useless for a hacker to steal credentials.

To gain access to an account on the Web, it will no longer be enough for an attacker to only know the access code chosen by the victim. To start using Google's Advanced Protection Program we'll have to buy two small physical keys that we'll need to protect smartphones and computers. Basically, this is a two-factor protection technique, but one that uses physical devices. In addition to the password to access we will also have to enter the temporary password shown by the small physical key.

How it works

This is a solution very similar to the one already implemented by some banks for their online services. In practice, the hacker to access our account must be able to physically steal the key, otherwise, even if we fall victim to a phishing attack or social engineering techniques, we will not lose our account. Why did Google think of this solution? Because after research by cybersecurity company Positive Technologies, it was shown how two-factor authentication messages can be targeted by hackers, making the use of the two passcodes useless. Instead, it is impossible for cyber criminals to tamper with, except physically, these keys that generate unique timed passwords. At the moment Mountain View has chosen a particular target of users to whom it will sell these physical password generators. These are businesses, large and medium-small, journalists, institutions and even victims of stalking. At the moment, the tool is not yet ready for a mass sale. The reason? It's only compatible with Google accounts, so it doesn't work with social media, like Facebook, or with email accounts outside of Mountain View. However, it must be said that Google has promised that it will soon work to make its "security key" compatible with most of the services on the Net.

Where to buy

You can still buy Google keys at the moment. Just sign up on the Advanced Protection Program page on our Google account and then choose how many keys to buy. The cost is about $20 each. Each key has a fingerprint scanner that recognizes only us. To use it is then inserted, via USB port, on your computer or smartphone. Each time we access a Google service the key will generate a unique access code, which we will not have to enter and therefore can not be copied, which will allow us to access the account.