It has been revealed that search engine giant Google has introduced an even more secure login process for users who are at high risk of online attacks. The new Advanced Protection feature focuses on defending against phishing, accidental sharing, and fraudulent access to accounts. IT security experts commented below.
Javvad Malik, security advocate at AlienVault:
“We live in a time where even consumers or individuals need to protect their online identities and assets with the same rigour as enterprises. A hijacked email account for some can have grave consequences.
This is a very positive and reassuring step taken by Google, and hopefully other companies will follow its lead in bringing better security capabilities into the hands of the masses through protective measures, as well as increased monitoring and threat detection.”
Charl Van Der Walt, Chief Security Strategy Officer at SecureData:
“This is Google taking the initiative to do something properly, like they often have, further cementing their position as a leading light in the security industry. Hopefully it is only a matter of time until something like this is available to all Google users.
“One caution, however, is that a very significant number of successful breaches are still achieved via a compromised desktop, mostly via a malicious document attachment. Undoubtedly Google will become far better at detecting and blocking such attachments, thereby better mitigating an additional threat vector not covered by these ‘advanced’ new controls. High-profile users, however, should be aware that unauthorised access to their computer is as much a threat to email confidentiality as unauthorised access to Google itself, and these new controls will do little to change this. Instead, such users should think hard about the platforms they use to access email and how they open attachments. Simple, limited-use platforms like a Chromebook or a tablet are generally safer to work from, but using a YubiKey with a tablet can be tricky, especially on iOS devices. This seems a pity, and looks to be a trade-off.
“Something else to consider is that although preventing unauthorised remote access to email is part of the equation, there needs to be jurisdictional consideration also. Google itself might have access to email and contact data, and that given Google is a US company, the US government may be able to obtain access. This, however, is a ‘political’ consideration rather than a technical one.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.