lolloj - Fotolia

Google debuts additional identity protection services

Google has rolled out new identity protection features across its account base, including advanced protection for at-risk users

Google has rolled out a series of online security enhancements across its services, introducing more personalised security checkups for user accounts and additional phishing protections in its Chrome browser.

The revamped checkup service will now include personalised guidance for each user, instead of the same checklist for all accounts, and will evolve as new threats arise, according to Google’s security checkup product manager Yafit Becher.

“When you visit the checkup, you’ll automatically see your security status – a green check mark icon means you’re good to go, and a yellow or red exclamation point icon means there’s at least one issue for you to take care of,” he said.

Alongside this, Google has also added an advanced protection option for a “minority of our users” that are considered particularly at risk of being on the receiving end of a targeted attack.

Dario Salice, advance protection product manager, said these might be campaign staffers working on an election, journalists protecting their sources, or people fleeing abusive relationships.

This programme will focus on three defences: firstly, using physical security keys to provide two-factor authentication; secondly, automatically limiting application access to Gmail and Drive accounts; and thirdly, enhanced steps to prevent attackers from accessing a user account by pretending you have been locked out, although it means users will have to go through additional steps to recover their Google accounts if they are genuinely locked out.

Advanced Protection provides Google’s strongest security, designed for those who are at an elevated risk of attack and are willing to trade off a bit of convenience for more protection of their personal Google Accounts,” said Salice.

“Journalists, human rights defenders, environment campaigners and civil society activists working on any number of sensitive issues can quickly find themselves targeted by well-resourced and highly capable adversaries,” said Andrew Ford Lyons, a technologist at non-profit media development organisation Internews.

“For those whose work may cause their profile to become more visible, setting this up could be seen as an essential preventative step.”

Google’s enhancements to the Chrome web browser come in the form of a new phishing protection service, which will use data collected over the past decade to enhance its safe browsing feature with more responsive, predictive phishing site scanning capabilities.

Read more about online security

  • Intelligence agencies are “unlawfully” sharing huge datasets containing sensitive information about the population with industry, government departments and overseas intelligence services, a court will hear this week.
  • The discovery of a vulnerability affecting the WPA2 Wi-Fi security standard has people in a spin. But how serious is it really, and what basic steps can you take to keep your network safe from a Krack attack?

While welcoming the fact that Google was clearly taking some initiative around account security, SecureData chief security strategy officer Charl van der Walt said it was by no means a cure-all.

“A very significant number of successful breaches are still achieved via a compromised desktop, mostly via a malicious document attachment. Undoubtedly Google will become far better at detecting and blocking such attachments, thereby better mitigating an additional threat vector not covered by these ‘advanced’ new controls,” he said.

“High-profile users, however, should be aware that unauthorised access to their computer is as much a threat to email confidentiality as unauthorised access to Google itself, and these new controls will do little to change this.”

Intercede CEO Richard Parris voiced similar concerns, saying that the advanced programme in particular fell short when it came to convenience.

“Being the patience-poor and fickle creatures that we are, unfortunately if a security measure compromises the user experience, it will almost certainly never be fully embraced by the mainstream,” he said.

Read more on Identity and access management products