Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Monday October 02 2017, @07:14PM   Printer-friendly
from the garden-walls-are-growing dept.

Google will offer a physical security key to upgrade two-factor authentication for certain high-profile users:

The Alphabet Inc. company next month will begin offering a service called the Advanced Protection Program that places a collection of features onto accounts such as email, including a new block on third-party applications from accessing data. The program would effectively replace the need to use two-factor authentication to protect accounts with a pair of physical security keys. The company plans to market the product to corporate executives, politicians and others with heightened security concerns, these people said.

The Gmail messages of John Podesta, Hillary Clinton's 2016 campaign chairman, were famously hacked last year, along with the databases of the Democratic National Committee. Podesta met with the House Intelligence Committee in June to discuss the hack.

[...] The new service will block all third-party programs from accessing a user's emails or files stored on Google Drive, said the people, who asked not to be identified because the product isn't yet public. The program will be updated with new features to protect user data on an on-going basis.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Informative) by Anonymous Coward on Monday October 02 2017, @07:38PM (5 children)

    by Anonymous Coward on Monday October 02 2017, @07:38PM (#576131)

    Why not just get a yubikey?

    Starting Score:    0  points
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  

    Total Score:   1  
  • (Score: 2) by bob_super on Monday October 02 2017, @07:57PM (1 child)

    by bob_super (1357) on Monday October 02 2017, @07:57PM (#576143)

    Interesting.
    The RSA token works on all machines and operating systems, and the only interference possible is the capture of the number being typed (which could be enough, granted). Plug a device in something (wait, this one is USB and that is USB-C, where's my dongle), and all sorts of shenanigans can get in the way.
    On the practical side, my token used to be on my keychain, and reaching for a USB port on both of my primary machines would have been a pain.

    • (Score: 0) by Anonymous Coward on Monday October 02 2017, @08:23PM

      by Anonymous Coward on Monday October 02 2017, @08:23PM (#576162)

      The yubikey with nfc works on pretty much all devices except iOS (at present). But I understand the pain of reaching for a USB port each time you want to do something. For me I don't find it an issue due to my setup, however.

  • (Score: 2) by frojack on Monday October 02 2017, @08:15PM (2 children)

    by frojack (1554) on Monday October 02 2017, @08:15PM (#576153) Journal

    Why not just get a yubikey?

    Any of several Yubikey versions do work, as long as you limit the account to ONLY accept those devices.
    No text messages. No Phone calls.
    The problem is that these physical keys are pretty expensive. (One key can work with many different services).

    No Authenticator app would then be needed. (This hasn't been broken yet AFAIK).
    The problem is the setup of authenticator can be a major pain in the neck when you want to use
    it for multiple account and have it available on multiple devices [google.com] (in case you lose your phone).

    Yubikey comes in several versions and some models can be used with you NFC equipped phone.

    I suspect that Google's new service is simply some form of Yubikey-like service.
    https://www.yubico.com/products/yubikey-hardware/compare-yubikeys/ [yubico.com]

    I've used the el-cheapo Yubikey on several linux machines and windows machines with several different web services.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 2) by frojack on Monday October 02 2017, @08:16PM

      by frojack (1554) on Monday October 02 2017, @08:16PM (#576155) Journal

      Meant to say allowing text messages on accounts you set up to use yubikey-like devices is just stupid.

      --
      No, you are mistaken. I've always had this sig.
    • (Score: 0) by Anonymous Coward on Monday October 02 2017, @08:26PM

      by Anonymous Coward on Monday October 02 2017, @08:26PM (#576163)

      I don't think price is a concern here, though. I have both the NFC yubikey and the little micro yubikey. Both serve me very well. The only thing that I use that frustrates me is AWS because they don't work with yubikeys yet. I think its a far more useful and user friendly device than RSA keys (once setup).