Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Google Just Made Gmail the Most Secure Email Provider on the Planet' (vice.com)

Posted by msmash on from the doing-security-right dept.

Google announced on Tuesday that it would offer stronger online security for "high risk" users who may be frequent targets of online attacks. The company said anyone with a personal Google account can enroll in the new "advanced protection," while noting that it will require users to "trade off a bit of convenience" for extra security. Motherboard reports: The main advantage in terms of security is the need for a key or token to log in as the second factor, instead of a code sent via SMS or via app. This is much better because there's no way for hackers to steal or phish this key from afar (there have been isolated incidents of hackers using social engineering to gain access to someone's cell phone number by getting the provider to issue a new SIM card, for instance). Thanks to these new features, Gmail is now the most secure email provider available on the internet if you are worried about hackers breaking into your private correspondence. "This is a major step in the right direction in offering the same kind of protection available to high-profile figures to everyday people," Kenneth White, a Washington D.C. based security consultant to federal agencies, told Motherboard. "They have really thought this through, and while it may not make sense for everyone, for those that need it, it's a much needed option."

3 of 197 comments (clear)

  1. Chrome only... by mrsam · · Score: 5, Insightful

    I skimmed Google's write-up of their new offering, and was seriously considering looking into this. I bear no delusions of self-grandeur, or that anyone would have any reason to be interested in sorting through all the confirmation e-mails for the coffee I buy off Amazon; but I do have some key data tied up in the Googleverse, and the cost of an extra keyfob would not exactly break the bank. However, then I came to this:

    Google services on the web

    You will only be able to use the Chrome browser to access signed-in services like Gmail or Photos.

    That breaks the deal for me, since I don't use Chrome, and it would not be convenient for me, for a few reasons. I can't really think of any valid technical reason why this results in any actual security, unless Chrome pins Google's CA; but the same thing can be done in any other browser too.

    1. Re:Chrome only... by darkmeridian · · Score: 5, Informative

      No one else supports the FIDO U2F security key standard in their browser. FireFox should be getting around to it anytime now, and I believe that Opera does. But that's probably why: the valid technical reason is that no one else supports the security standard.

      --
      A NYC lawyer blogs. http://www.chuangblog.com/
  2. They did? by JohnFen · · Score: 5, Insightful

    So they're now encrypting all the emails being stored on their servers and don't hold the key themselves?

    Because if they're not doing that, then they're not anything close to "the most secure email provider on the planet".