Google said on Tuesday that it would roll out an advanced protection program in order to provide stronger security for users who are at a high risk of being targeted by hackers.
Once you enroll in Advanced Protection, Google will continually update the security of your account to meet emerging threats.
At the start, the program focuses on three core defenses.
The strongest defense against phishing: Advanced Protection requires the use of Security Keys to sign into your account. Security Keys are small USB or wireless devices and have long been considered the most secure version of 2-Step Verification, and the best protection against phishing. They use public-key cryptography and digital signatures to prove to Google that it's really you. An attacker who doesn't have your Security Key is automatically blocked, even if they have your password.
Sometimes people inadvertently grant malicious applications access to their Google data. Advanced Protection prevents this by automatically limiting full access to your Gmail and Drive to specific apps. For now, these will only be Google apps, but Google will expand these in the future.
Another common way hackers try to access your account is by impersonating you and pretending they have been locked out. For Advanced Protection users, extra steps will be put in place to prevent this during the the account recovery process - including additional reviews and requests for more details about why you've lost access to your account.
Anyone with a personal Google Account can enroll in Advanced Protection. Today, you'll need Chrome to sign up for Advanced Protection because it supports the U2F standard for Security Keys. Google expects other browsers to incorporate this soon.
For now, Advanced Protection is only available for consumer Google Accounts.
The rollout of a suite of new email security services by Google follows a U.S. presidential election last year that was shaped in part by the disclosure of emails by anti-secrecy group WikiLeaks belonging to associates of Democratic candidate Hillary Clinton that were obtained through phishing schemes.
U.S. intelligence agencies have concluded that those hacks were carried out by Russia as part of a broader cyber campaign to help President Donald Trump win the White House.