/mail/community?hl=en
/mail/community?hl=en
10/19/17
Original Poster
Crystal Cee - Google One CM

Announcing Advanced Protection, account security for those who need it most

Yesterday, we were happy to introduce a new level of account protection for users who are most at risk with the Advanced Protection Program. Advanced Protection provides Google’s strongest security, designed for those who are at an elevated risk of attack and are willing to trade off a bit of convenience for more protection of their personal Google Accounts.


Once you enroll in Advanced Protection, we’ll continually update the security of your account to meet emerging threats—meaning Advanced Protection will always use the strongest defenses that Google has to offer.


At the start, the program focuses on three core defenses.


  • The strongest defense against phishing: Advanced Protection requires the use of Security Keys to sign into your account. Security Keys are small USB or wireless devices and have long been considered the most secure version of 2-Step Verification, and the best protection against phishing. They use public-key cryptography and digital signatures to prove to Google that it’s really you. An attacker who doesn’t have your Security Key is automatically blocked, even if they have your password.

  • Protecting your most sensitive data from accidental sharing: Sometimes people inadvertently grant malicious applications access to their Google data. Advanced Protection prevents this by automatically limiting full access to your Gmail and Drive to specific apps. For now, these will only be Google apps, but we expect to expand these in the future.

  • Blocking fraudulent account access: Another common way hackers try to access your account is by impersonating you and pretending they have been locked out. For Advanced Protection users, extra steps will be put in place to prevent this during the the account recovery process—including additional reviews and requests for more details about why you've lost access to your account.


Anyone with a personal Google Account can enroll in Advanced Protection. Today, you’ll need Chrome to sign up for Advanced Protection because it supports the U2F standard for Security Keys. We expect other browsers to incorporate this soon.


For now, Advanced Protection is only available for consumer Google Accounts. To provide comparable protections on G Suite Accounts, G Suite admins can look into Security Key Enforcement and OAuth apps whitelisting.


Learn more at The Keyword or sign up for Advanced Protection at g.co/advancedprotection.


Have questions about Advanced Protection? Search the forum to see if it's been answered already or create a new post.
Community content may not be verified or up-to-date. Learn more.
Recommended Answer
Was this answer helpful?
How can we improve it?
All Replies (244)
Chukwuma Peter
10/19/17
Chukwuma Peter
Awesome work Google
James Domingos
10/20/17
James Domingos
This is great and I'm happy to see this!

I've enabled Advanced Protection but my Recovery email is still present, is this expected? Was thinking maybe it would be removed. If expected, I'd like to see the option to enter a PGP key to all emails sent to the recovery email address to be certain that no one can read it, should they manage to break into that account. Thanks.
NoGoodDeed
10/22/17
NoGoodDeed
@ James Domingos,

Thank you for taking your time to post.

...I've enabled Advanced Protection but my Recovery email is still present...  Where do you see it?

...is this expected...  I think so.  A Recovery email only allows you to get a password reset.
With Advanced Protection (AP), changing a password will not allow you into an account if you don't have the correct Security Key.

...I'd like to see the option to enter a PGP key to all emails...  In addition to posting here, you can leave [1] Feedback about this with Gmail.

For myself: I don't see who that would work.

James Domingos
10/22/17
James Domingos
I see it in "Sign-in & security" -> "Account recovery options" - "Recovery email". I can remove it manually of course, just want to know what is expected when Advanced Protection is enabled.

Facebook has the option to make Facebook send encrypted notification emails. This is done by simply adding your public PGP key in Facebook settings, then all your emails from them will be encrypted, not only in transfer but also in your email client, looking something like this:

-----BEGIN PGP MESSAGE-----

hQIMA0oige89GTLiARAAkfXgqkGXqQGVBz30Fc959x2ScyLnTiACazHiLfom0PRB
qb27XHu+XpyBvKWfTdHU6ivf32+ZA15DPUaofd/aunj23IT2GhWkU78VO1fyUXAq

-----END PGP MESSAGE-----

and would require a passphrase to decrypt. So if someone gains access to my recovery email, that is all they see and a password reset link would not work until decrypted.

Yes, this might be overkill. Merely seeing how far we can take this whole advanced protection setting :)

/Paranoid
Kenno Hawk
10/22/17
Kenno Hawk
I'm impressed with these steps forward Google, 

I believe it was just last night that I was learning how to hack into your systems, with heuristic design technology, in order to retrieve a Gmail account (That, for a month now, I've been un-able to access) 

The manuals went on to tell me how, Logins and Passwords are your biggest weakness in Website security, and Whilst in my growing hatred for google, I sat in the darkness of the night, and Attempted to login to Kenneth...@gmail.com one more time (How the Hatred boils within me, when I see my old e-mail address posted on a Gmail Forum) 

And I attempt my login, Going against all the protective services that google was capable of providing me, in order to go against people (Like my own self now), Hackers, Phishers, hateful people, searching for access into an account (Regardless if it's there's, Like in my own case right now)

As I sit there, I go through the process I've gone through multitudes of times, for the very same address I've logged onto countless times, (I've clearly forgotten my own password) Or come to the reality, that *I've not forgotten my password, But in fact, my password has now been changed*, 

And I begin to go through the account recovery process, For the 100th time (Google Could verify this, If google had any care for it's clients, And Actually gave Telephonic, Electronic, Or Mail, Maybe Pigeon Mail, Perhaps "Owl Mail" Support) For for it's own clients, that have been loyal to the growing dynasty of People haters since the beginning of time... However, I follow the recovery steps, I enter in my last known Password, I accept the 2 step multi-factor login (Sent to my own Phone) -- I accept the recovery account Mail, to be sent to my Recovery account E-mail, and I enter in it's pass code (On Receiving it) 
You'd really think at this point things are going well...

But they're not.... I enter in the digits that google requests from my cellphone, and I enter in my best (Guess as it were) of when I started my account, and let it know it must've been around 2008 or so. 

Then.... At my highest hopes, Faced with the same questions time and time again, I do the same thing, that I've now done, Over and Over again for the past month... I raise my hopes up, I feel (This is it, This time I'm finally getting into this account and this time I'm finally going to get back all those years of personal mail, And whomever took that control away from me, and all those personal messages and moments in time, I'll finally be rid of that person, and I'll finally have my power back, my privacy back, My Knowledge of my Past in electronic format, all recollected as if it were just yesterday) 

And I breathe out, as if a wave just hit my Gut once more, From a moment of solitary happiness in the reality of morbidity that googles faced me with - After resolving in myself, that a Account Recovery couldn't possibly fail - I get washed away into the current of morbidity once more, with the message back from Google -- "Your account verification failed" 

And I sit, and read into googles forums, deepening my despair and hatred for the company - With my knowledge of how it's vindicated its clients, and released it's support to a Mass of people that (in fact) have no control over my account, Have no access to the google database, have no knowledge or care of my existence and would willy nilly pretend like they are capable of helping a IT consultant retrieve back, what you'd think an IT consultant should be able to retrieve back with ease... (easier than any other nonsensical internet pleb) Whom I have the utmost of pain for, as their ability of retrieving their account may very well dwell into a 100% chance of never retrieving their account, as they may very well have given up on the chance of it, at the fourth, perhaps tenth time of trying to go through the same repetatory steps that I am granted, each time I attempt this action. 

Your support for your clients does not exist, And giving them the ability to create a usb stick with a password on it, is actually just an insult to them, as if just losing a phone, could leave you lost from your account for all eternity, could you imagine losing your little flash drive, you have stringed to your Jeans as if living in jail cell, and ready to Stab someone with it, Clinging to it with every last inch of life.... 

Imagine losing everything, just by losing a little 1 dollar flash drive... 

I've lost everything, just due to a faulting verification process that won't recognize my Laptop, Due to it being new, And won't recognize me, as I can't recollect my anniversary with google... Literally three steps I can't pass, When I first met with Google, When we first started dating, What my last password was with Google, (They are not one, They are Many) And My laptop is just not the same, 

Three faulting stages, and a blink182 song in the back of my head, "I'm lost without you" 

So please continue to give people more capability of losing their, Web history, Blogger, YouTube, Google+, Google Search (Through their own account), Google Drive, Google Calender, Google Hangouts, Google Wallet, Google Finance, Google Groups, Google MAPS!!! (All their locations including their own Home location) Google News access, Google Alerts (To any of these products rendered by google) Google sites visited, (how personal have we gotten) Picasa, and Google photos, But worst of all - Their long standing Gmail, E-mail access application. 

And I look back and see how much I've written, and see that the only corrections in my letter that's taken me just 10 minutes to write, Are the words "Google" and every time I type it, My Opera browser keeps telling me to correct that name. 

Thanks for boosting security. 

Enjoy your day. 

Note (And Spellcheck Asks for Blink182's and Phishers and Kenneth...@gmail.com's as well as repatatory, *Which I'm so sure is a word* corrections to, I believe I need to agree there as well) 

Please also note, my google profile is brand new, Please don't remove this E-mail, I've only created it, so I can once again comment on You tubes channel.. Though, they have no idea who I am anymore, I just like to say my peace, as I'd tried to gain some peace in this message to. 
238 MORE
3/14/18
Original Poster
Crystal Cee - Google One CM
Hi everyone, 

Thanks for all your questions and comments about the Advanced Protection feature. It seems that there also might be some confusion about what Advanced Protection does, so I've tried to sum up some of the common themes to address them below. This thread is also collecting many off-topic responses, so I'll be locking it after posting this, but if you have any further questions about Advanced Protection or other security features, please create a new topic

Best, 
Crystal
Community Manager

FAQs

I'm concerned that Advanced Protection has cut off access to a service/app that I use. 
Advanced Protection does restrict third party access to some of your account’s data like Gmail and Google Drive. If you require third party access to this data (through Apple Mail, Outlook, Thunderbird, etc), then Advanced Protection may not be for you. You may want to look into our regular 2-Step Verification feature if you'd like an extra level of security.

To check if you’re enrolled in Advanced Protection, go to https://myaccount.google.com/security or from myaccount.google.com click “Sign-in & security.” If you’ve enrolled in Advanced Protection, you’ll see a message at the top of the page stating “Advanced Protection is on for your account.” If you do not see this message, you are not enrolled in Advanced Protection.


This is what it looks like when you’re enrolled


To unenroll from Advanced Protection, click the words “TURN OFF” or visit https://myaccount.google.com/advanced-protection/unenroll and follow the steps to turn off Advanced Protection.


I'm concerned that Advanced Protection has prevented me from signing into my account or asked me additional questions when signing in.

Advanced Protection does not prevent signing in to your account, only third party access to some of your account’s data like Gmail and Google Drive.


If you’re getting prompted for additional verification when trying to sign in, it’s likely because we’ve detected something different about the way you’re signing in and want to verify it’s really you. See here for more information.  


I’d like Advanced Protection, but I don’t want to buy the keys/can’t buy keys in my country.

Advanced Protection is a feature that does require Security Keys and is designed for people most at the risk of targeted attacks. If you’d like an extra level of security on your account, but can’t buy security keys, 2-Step Verification may be an option for you. For 2-Step Verification, you can use your phone as your second security step either through SMS,  prompts on your phone, or Google Authenticator.


I've enabled Advanced Protection but my Recovery email is still present, is this expected?

Yes. You should always keep a recovery email address and/or recovery phone number up to date on your account in the event that you lose access to your account. For accounts with Advanced Protection enabled, in the event that you lose your security keys or forget your password, you’ll need to go through the Account Recovery process and a current recovery email address helps with this.


 
This question is locked and replying has been disabled. Still have questions? Ask the Help Community.

Badges

Some community members might have badges that indicate their identity or level of participation in a community.

 
Expert - Google Employee — Googler guides and community managers
 
Expert - Community Specialist — Google partners who share their expertise
 
Expert - Gold — Trusted members who are knowledgeable and active contributors
 
Expert - Platinum — Seasoned members who contribute beyond providing help through mentoring, creating content, and more
 
Expert - Alumni — Past members who are no longer active, but were previously recognized for their helpfulness
 
Expert - Silver — New members who are developing their product knowledge
Community content may not be verified or up-to-date. Learn more.

Levels

Member levels indicate a user's level of participation in a forum. The greater the participation, the higher the level. Everyone starts at level 1 and can rise to level 10. These activities can increase your level in a forum:

  • Post an answer.
  • Having your answer selected as the best answer.
  • Having your post rated as helpful.
  • Vote up a post.
  • Correctly mark a topic or post as abuse.

Having a post marked and removed as abuse will slow a user's advance in levels.

View profile in forum?

To view this member's profile, you need to leave the current Help page.

Report abuse in forum?

This comment originated in the Google Product Forum. To report abuse, you need to leave the current Help page.

Reply in forum?

This comment originated in the Google Product Forum. To reply, you need to leave the current Help page.