Google Plans Upgrade of Two-Factor Authentication For Politicians and CEOs

An anonymous reader quotes the Verge: Google plans on upgrading its two-factor authentication tool with an improved, physical security measure aimed at protecting high-profile users from politically motivated cyberattacks, according to a report from Bloomberg. The new service, to be called Advanced Protection Program and potentially slated to launch next month, will trade out the standard authentication process for services like Gmail and Google Drive with physical USB security keys. The service would also restrict the types of third-party apps and services that could connect to a user's Google account.

The changes are not likely to affect standard Google account owners, as Bloomberg reports that Google "plans to market the product to corporate executives, politicians and others with heightened security concerns."

We're not worthy

[dcollins117]

Ok Google, I get it. Us plebs don't deserve good security.

Re:We're not worthy

[geekmux]

Ok Google, I get it. Us plebs don't deserve good security.

Well, certainly no other account in a company would be worth securing, right? I mean what access would those piss-ant IT SysAdmins have? I mean, it's not like they control the entire server farm...

Re:We're not worthy

[Mikkeles]

In addition, they act like the politicos are even bright enough to use this!

I suspect the restriction is only because many of us would actually be able to successfully use it.

Re:We're not worthy

[quantaman]

Ok Google, I get it. Us plebs don't deserve good security.

Well, certainly no other account in a company would be worth securing, right? I mean what access would those piss-ant IT SysAdmins have? I mean, it's not like they control the entire server farm...

Is your sysadmin controlling the server farm with their Gmail login? I think you might want a new sysadmin.

Google accounts don't contain technically sensitive information, they contain personally and organizationally sensitive information. The risk is the attacker can compromise an account belonging to someone important (ie, Clinton's campaign manager) and obtains a bunch of sensitive information. Your sysadmin shouldn't have that kind of info in their account.

Now there's an impersonation risk, but unusual requests tend to result in confirmation through other lines of communication,

Re:We're not worthy

[SlaveToTheGrind]

Well, the USB key has been available for well over two years now -- for less than $20.

And what makes you think you wouldn't be able to buy the rest of the new security package if you wanted to (a) pay the going rate, just like above, and (b) live with the restrictions re third-party app access? TFA (which is basically somewhat educated rumor-mongering anyway) simply says it would be marketed to high-profile users, not that it would be restricted to them.

Re:We're not worthy

[Opportunist]

Think again. We're talking about trusting Google with guarding your secrets.

An apt comparison would be to not have medical attention from medieval doctors that treat you with bloodletting and enemas while consulting the stars to find the right cure instead of the pleb's answer to a cold, i.e. herbal tea and bedrest.

Re:We're not worthy

[Opportunist]

Well, maybe that's the idea behind it: A two factor auth that even CEOs and politicians can't fuck up.

Actually, I'm really curious now, so far my attempts have been thwarted. Every time I come up with a foolproof system, the board comes up with a more foolish CEO.

Re:We're not worthy

[Known+Nutter]

(ie, Clinton's campaign manager)

Also Trump WH staff, former Chief of Staff; six in total, so far.

Everything's a goddamn political discussion on Slashdot these days, eh?

Re:We're not worthy

[aaarrrgggh]

Yes, but accounting is a pretty high risk with a direct attack.

(IT would be an indirect attack.)

Re:We're not worthy

do you think they'd be doing this if it was Trump's Campaign Manager that got hacked, and Clinton had won the election? Would that story even spend any time in the media if that was the case?

Google is addressing problems with their service. I think they would have done so if it was Trump as well. I'm not convinced any of it is partisan on their part. The better authentication is probably something they will sell to others if there is enough demand. Personally if you want security I seriously suggest you use a separate program to encrypt your emails before handing them over to google. That way, even if they are vacuumed you have another layer of encryption such that only the sender and the recipient can get at them assuming you have preshared public keys securely, such that you at least know they are unchanged.

Of course had Hillary done that it would be proof to the right wingers of pizzagate or some other bs.

Re:We're not worthy

[jopsen]

U2F is supported by Google and Chrome... Seriously, just get an yubikey... This is probably just Google doing the social work of forcing high-profile accounts to use U2F...

Re:We're not worthy

[rtb61]

Why would not politics exist on slashdot, nerds and geeks have political issues just like regular folk and you know what, they can use technology to get their ideas across as well as obtain political change.

How about a third factor authentication, you know the one where end users get to authenticate that it is real political bullshit, coming from real bullshit politicians, those corporate lies that CEO tells to rip us off democratically, so you know, WE CAN BLOCK THEM, automatically. All paid political messages instantly block. If there are any politicians we want to hear from, we will contact them first. Google fuck off with you political spam.

Re:We're not worthy

[AmiMoJo]

I wish they made a USB key with an emergency suicide feature. Even just a button which if pressed five times rapidly erased the keys.

Physical security is an increasing problem, especially at borders.

Re:We're not worthy

[bluefoxlucid]

Security keys can't be duplicated. They're made with military-grade hardware that costs like $5 and resists fault injections and physical assault, so retrieving the key is impossible with current technology.

I recommended the same thing for identity theft (YouTube). That involves legislation allowing regulation which drives the current consumer-grade (i.e. affordable) technology into requirement without requiring an act of Congress every time the current technology becomes obsolete and vulnerable.

Re:We're not worthy

[darkmeridian]

I wish Google will give me the option of disabling text messaging as a second factor for authentication.

Re:As usual, leftist politicians protect themselve

[Sir+Lurkalot]

As you hide under the Cloak of A.C. ...

That USB stick that I found in the parking lot!

[PolygamousRanchKid+]

Who knows what is on it, but I'll plug it in to my computer anyway!

. . . but Google would never be lackeys, henchmen and hoodlums for the US government . . . and plant NSA spyware on the sticks . . .

. . . would they . . . ?

Re:That USB stick that I found in the parking lot!

[HermMunster]

I tried that stick on my Linux deskop and nothing happened. Why? Inquiring minds want to know.

Re:That USB stick that I found in the parking lot!

[PolygamousRanchKid+]

I tried that stick on my Linux deskop and nothing happened.

The year 2007 was the year of "Linux on the Desktop". Sorry, you're a bit late.

Re:As usual, leftist politicians protect themselve

[stabiesoft]

How is this left/right? Jared has already been caught along with a number of other trump people using private email. Get over it. But I totally agree with one of the prior comments. Thanks google for reminding us that once again the rich/political class is special.

Re:As usual, leftist politicians protect themselve

[youngone]

Ha! Ha! Leftists. Good one.
As if the US has any leftist politicians.

Another brilliantly useless article

[mhkohne]

I'd love to know what Google is actually changing, but the article doesn't really say - I've been using a physical security key for my google account logins for a while now. Though the 'limiting apps that can connect' is certainly a good thing, I can't figure out what they are actually changing otherwise.

Does this involve being able to force accounts to use a security key? What's really going on here?

I lost my...[hacked]

[geekmux]

Because they will spend the money on USB keys and then not bother with creating some form of identity validation policy, cue the "I lost my USB key, can you give me a temporary password?" phone hack in 3...2...

Social Engineering. Because hacking ignorance, is timeless.

Re:I lost my...[hacked]

[Opportunist]

And better nobody thinks that "company policy dictates that I must not" is an answer that CEO is going to accept. This is basically why the CEO fraud is so successful: CEOs with delusions of grandeur and a short temper, with underlings too scared to not jump when someone yells at them through the phone because they're used to it.

Re:I lost my...[hacked]

[sl149q]

For corporate gmail, the "can you give me a new password" request goes to the administrator of your corporate gmail. It does not go to Google.

That raises the bar slightly. First the hackers have to know who that is. Second they have to determine what the practices and procedures for making the request are for your organization and third what a possible way to subvert them are. Should be different for all organizations.

Re:I lost my...[hacked]

[geekmux]

For corporate gmail, the "can you give me a new password" request goes to the administrator of your corporate gmail. It does not go to Google.

That raises the bar slightly. First the hackers have to know who that is. Second they have to determine what the practices and procedures for making the request are for your organization and third what a possible way to subvert them are...

*hacker gleans CxO names and titles from the corporate website, along with major customers from PR postings*

"Yes, Hi. My name is Mr. Smith. I just started last week and lost my token. Mr. [name-drop CEO] stated it was urgent that I contact someone to get access immediately because we have [name-drop customer] waiting on a million-dollar order!"

Yeah, the bar was raised alright. By an inch.

...Should be different for all organizations.

When it comes to social engineering, little has changed.

Re:The Elite use Spyware?

[rholtzjr]

Yes, they do have an IT staff that handles all their security matters. That is how they got Podesta's emails last election.

FIDO U2F keys?

Google already supports FIDO U2F keys, such as yubikey, that you can use instead of their google 2FA app.

How is this news?

Re:FIDO U2F keys?

[godel_56]

Something I've always wondered, what happens if you lose your Yubikey or its electronics stuffs up? How do you reestablish your identity?

Are we back to security questions like "what's your mother's maiden name?"

Re:FIDO U2F keys?

[sl149q]

Through your back up email account. Or (currently) if enabled, a text to your back up phone.

Re:FIDO U2F keys?

[earlytime]

Something I've always wondered, what happens if you lose your Yubikey or its electronics stuffs up? How do you reestablish your identity?

Are we back to security questions like "what's your mother's maiden name?"

Godel,

Same as with your house key or car key. You just setup another U2F/yubikey key and use that to recover/access your account, then disable the lost/damaged/stolen key.

This explains recent Y2F Android failure

No small wonder Google nonchalantly deactivated Y2F key support for Android recently....

Re:As usual, leftist politicians protect themselve

[Frosty+Piss]

As if the US has any leftist politicians.

Bernard?

too hard

[bugs2squash]

when I read this I thought they meant they had dumbed it down to make it easier to use than typing in a password or rubbing your finger over a fingerprint scanner because these has all proven to be overly difficult for CEOs and polititicians.

But

[Vinegar+Joe]

I thought politicians were supposed to use only their government email address.

Re:But

[Opportunist]

Nah, they run their own mail servers for the official stuff.

Really?

[Spazmania]

If you have "heightened security concerns," what on earth are you doing using a public webmail product?

Re:Really?

[sl149q]

I suspect Gmail (corporate version) is more secure than what most organizations can implement and support.

The only problem with hardware 2-factor is how to incorporate it into mobile. Is the phone itself a sufficient token (if coupled with something like TouchID to verify the user?)

The Fido hardware keys are a simple way to secure desktop access.

Re:Really?

[HermMunster]

I couldn't agree more. These people shouldn't be using Google services if they need enhanced security.

I'd say that just using Windows is a security risk.

Re:Really?

[skegg]

Some tokens have NFC. I presume this allows the user to tap the token against the phone when logging-into the app, thus providing another, secure factor.

Re:Really?

[swillden]

The only problem with hardware 2-factor is how to incorporate it into mobile.

NFC-enabled tokens. This is what Google uses internally (which I suspect is the same thing they're marketing to celebs and execs): Device has an authentication key, plus password, plus USB/NFC token. Three-factor auth.

Re:Really?

[vlueboy]

NFC-enabled tokens. This is what Google uses internally

Although the politicians / CEO's are Google's target today, eventually a company will make a tier for the rest of us... including non-technical "normies" using cheap phones ($50 - $150)...
In my experience, while tech people almost exclusively splurge on feature-rich flagship phones where NFC is a given, cheap phones are common for normies.

I did a lot of research to replace my dying phone last week. Cheap (and not so cheap) phones don't cover the 5Ghz Wifi band yet. Cheap phones don't have DLNA. They don't have mirroring / Wifi Direct, which I enjoyed a handful of times on our new, cheap smartTV. Cheap phones cover few video codecs so you're left with weird "not supported" errors when playing some files. Cheap phones don't have remote control features. More relevantly, cheap phones don't have NFC.

My dying flagship supports all of the above, but replacing those same features is still requiring the same prices as 30 months ago. Worse, features have been nerfed (battery removal, forced sim card resizing replacement and sometimes loss of headphone jack). Since I am on an older phone now, I'm a little worried for whims of companies bringing about new breach-inspired requirements towards new hardware that I'll be prompted to consider for work-related authentication.

Re:Really?

[AmiMoJo]

Most phones have NFC which can be used with a suitable token that also has USB for desktop use. Many phones have USB-C as well now, which you could plug the token in to.

Re:Really?

[swillden]

If you can't afford a more expensive phone, I think you're better off getting a 2-3 year old high end phone. They can usually be purchased at or slightly above the upper end of the range you quote. Those cheap phones are typically running ancient software, completely unsupported, as well as the other limitations you mention.

Re:Really?

[bluefoxlucid]

USB-c FIDO keys.

Re:Really?

[Spazmania]

I have the corporate version. It's the same as the free version but you have a domain and can add and remove your own accounts.

Authentication factors: What you know, what you have, what you are.

What you know: a password
What you have: a cell phone
What you are: a fingerprint

Two elements from "what you know" is only single factor authentication. For two factor authentication, you need elements from two categories.

So, your password and your high school mascot is only single-factor authentication because both are from the "what you know" category.

A password plus the six digits from Google Authenticator is two factors: what you know (password) and what you have (a cell phone running Google Authenticator with the appropriate encryption key).

Can we make the politicians authentic too?

[gurps_npc]

Oh, a man can dream, a man can dream.

Least likely to use it

[HermMunster]

Those two groups are least likely to use it.

It isn't a good testbed.

It implies everyone else is less important.

It won't change hacker's mentality toward hacking.

CEOs shouldn't be using Gmail.

Re:Least likely to use it

[Archon]

"CEOs shouldn't be using Gmail."

I set my clients up on G Suite products all the time, Gmail especially. Including CEOs. If the password is strong and unique I don't see the issue, better yet if using 2FA. Or are you suggesting Google is exfiltrating email user data in a way that exposes company secrets?

Re:As usual, leftist politicians protect themselve

[HermMunster]

Is there anything but?

Protect from whom?

[markdavis]

So with the increased security, that helps to protect from people trying to hack into Google. But who protects us from Google? They already have too much information and now they insist on having even more:

Google just pushed out an update last week, so apparently unless I turn on tracking and logging of everything I do (location, web history, etc), I can't use my Wear watch to search for ANYTHING anymore. Really?

The watch was great when I first bought it. Then they updated and ruined the search ability. Instead of being a nice, fast, Google web-like search engine, it became some stupid Google Now-like thing that doesn't ever give me what I want and no choices. Several months later it is "upgraded" to "Google Assistant" which REQUIRES I turn on all this tracking and storage. Almost nothing I want to search for requires a "history" of what I have done in the past.

Animal Farm

> ... Ok Google, I get it. Us plebs don't deserve good security ...

Google has become an Animal Farm

They now practice the "All animals are equal but some animals are more equal than others " doctrine

I know this has already been explored, but...

[rickb928]

...now you know who is important to Google. And it is not virtually everyone reading this forum. Both politicians reading this will be encouraged that they are in the clear.