Google is said to retool user security in wake of political hack
Google is preparing to upgrade its security tools for online accounts to better insulate users from cyberattacks and politically motivated hacks, according to two people familiar with the company’s plan.
The Alphabet Inc Company next month will begin offering a service called the Advanced Protection Program that places a collection of features onto accounts such as e-mail, including a new block on third-party applications from accessing data.
The program would effectively replace the need to use two-factor authentication to protect accounts with a pair of physical security keys. The company plans to market the product to corporate executives, politicians and others with heightened security concerns, these people said.
The Gmail messages of John Podesta, Hillary Clinton’s 2016 campaign chairman, were famously hacked last year, along with the databases of the Democratic National Committee. Podesta met with the House Intelligence Committee in June to discuss the hack.
Google released software in 2014 for a USB Security Key, a device designed to improve existing security measures, like two-factor authentication. Two-factor authentication involves using a second code or password, for example, to log onto email.
When plugged into computers, the key lets users create more robust security measures for accounts on Gmail and other Google sites. The new service will continue to require a physical USB key in addition to a second physical key for greater protection.
The new service will block all third-party programs from accessing a user’s emails or files stored on Google Drive, said the people, who asked not to be identified because the product isn’t yet public. The program will be updated with new features to protect user data on an on-going basis.
A Google spokesman declined to comment.
Over the past year, Google has refurbished its account security systems several times. The upgrades come as the company pitches its Gmail and document apps to business clients. In February, Google added additional controls against phishing attacks for enterprise clients.