Last year, hackers working for the Russian government tricked John Podesta, one of Hillary Clinton’s top advisers, into giving away his Gmail password. Months later, his private emails started appearing on WikiLeaks. The rest, as they say, it’s history.
There’s no way to know how much the coverage of the “Podesta Leaks,” as Julian Assange dubbed them, swayed the election. But they certainly captured the attention of media and voters for weeks. Now, Google is launching a new feature to prevent attacks like that on Podesta—or at least make them much harder to pull off.
Read more: The Motherboard Guide To Not Getting Hacked
Anyone with a Gmail account can now activate what the company calls “Advanced Protection,” a set of features that make it harder to hack into your Google account. These are aimed specifically at “high-risk” users, as Google puts it. That is political campaign staffers, activists, journalists, or people in abusive relationships.
The main advantage in terms of security is the need for a key or token to log in as the second factor, instead of a code sent via SMS or via app. This is much better because there’s no way for hackers to steal or phish this key from afar (there have been isolated incidents of hackers using social engineering to gain access to someone’s cell phone number by getting the provider to issue a new SIM card, for instance).
Thanks to these new features, Gmail is now the most secure email provider available on the internet if you are worried about hackers breaking into your private correspondence.
“This is a major step in the right direction in offering the same kind of protection available to high-profile figures to everyday people,” Kenneth White, a Washington D.C. based security consultant to federal agencies, told Motherboard. “They have really thought this through, and while it may not make sense for everyone, for those that need it, it’s a much needed option.”
Of course, enhanced security comes with tradeoffs.
First off, you will need two security keys to access your account. One for your computer, and a Bluetooth-enabled one for your cellphones and tablets. Google’s suggested keys cost a total of $43.
“An attacker who doesn’t have your Security Key is automatically blocked, even if they have your password,” Google wrote.
Also, if you turn on Advanced Protection, only Google apps will be able to get access to your account. This is, perhaps, a response to an incident in May, when someone created a malicious Google Docs-lookalike app and tricked hundreds of thousands of people into granting it full access to their Gmail accounts. This can be an inconvenience because many apps use Google data (for example, if you use a third-party calendar app that takes data from Google Calendar).
Finally, if you turn on the new security features, it will be harder to reset your password in case you lose access to your account. But if you are a target of government hackers or sophisticated hackers, these tradeoffs are certainly worth the trouble.
Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at email@example.com, or email firstname.lastname@example.org
Get six of our favorite Motherboard stories every day by signing up for our newsletter.
Powered by WPeMatico