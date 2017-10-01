Google Plans Upgrade of Two-Factor Authentication For Politicians and CEOs (theverge.com) 28
An anonymous reader quotes the Verge: Google plans on upgrading its two-factor authentication tool with an improved, physical security measure aimed at protecting high-profile users from politically motivated cyberattacks, according to a report from Bloomberg. The new service, to be called Advanced Protection Program and potentially slated to launch next month, will trade out the standard authentication process for services like Gmail and Google Drive with physical USB security keys. The service would also restrict the types of third-party apps and services that could connect to a user's Google account.
The changes are not likely to affect standard Google account owners, as Bloomberg reports that Google "plans to market the product to corporate executives, politicians and others with heightened security concerns."
Ok Google, I get it. Us plebs don't deserve good security.
Well, certainly no other account in a company would be worth securing, right? I mean what access would those piss-ant IT SysAdmins have? I mean, it's not like they control the entire server farm...
Is your sysadmin controlling the server farm with their Gmail login? I think you might want a new sysadmin.
Google accounts don't contain technically sensitive information, they contain personally and organizationally sensitive information. The risk is the attacker can compromise an account belonging to someone important (ie, Clinton's campaign manager) and obtains a bunch of sensitive information. Your sysadmin shouldn't have that kind of info in their account.
Now there's an impersonation risk, but unusual
In addition, they act like the politicos are even bright enough to use this!
I suspect the restriction is only because many of us would actually be able to successfully use it.
Well, the USB key has been available for well over two years now -- for less than $20 [amazon.com].
And what makes you think you wouldn't be able to buy the rest of the new security package if you wanted to (a) pay the going rate, just like above, and (b) live with the restrictions re third-party app access? TFA (which is basically somewhat educated rumor-mongering anyway) simply says it would be marketed to high-profile users, not that it would be restricted to them.
As you hide under the Cloak of A.C.
Says a person who doesn’t give away their real name and could have multiple sockpuppet accounts. So brave you are.
How is this left/right? Jared has already been caught along with a number of other trump people using private email. Get over it. But I totally agree with one of the prior comments. Thanks google for reminding us that once again the rich/political class is special.
As if the US has any leftist politicians.
Bernard?
Who knows what is on it, but I'll plug it in to my computer anyway!
. . . but Google would never be lackeys, henchmen and hoodlums for the US government . . . and plant NSA spyware on the sticks . . .
. . . would they . . . ?
I'd love to know what Google is actually changing, but the article doesn't really say - I've been using a physical security key for my google account logins for a while now. Though the 'limiting apps that can connect' is certainly a good thing, I can't figure out what they are actually changing otherwise.
Does this involve being able to force accounts to use a security key? What's really going on here?
Because they will spend the money on USB keys and then not bother with creating some form of identity validation policy, cue the "I lost my USB key, can you give me a temporary password?" phone hack in 3...2...
Social Engineering. Because hacking ignorance, is timeless.
I thought politicians were supposed to use only their government email address.