The Most Secure Account of All—If You Can Stand It

Google Advanced Protection offers a level of security that's hard to match. Just expect some serious convenience trade-offs along the way.
The draconian measures make phishing far more difficult, and would even have prevented the kind of sophisticated phishing scheme that used a Google Doc to trick users into installing a malicious third-party application last May.Aaron Fernandez

If you buy something using links in our stories, we may earn a commission. This helps support our journalism. Learn more. Please also consider subscribing to WIRED

There was a time when high-status people signaled their worth with an ostentatious key fob for an expensive car. Today the keyring of an important person—or at least a paranoid one—might be distinguished by a less obvious marker: a pair of inconspicuous plastic dongles that protect an inbox full of secrets worth keeping.

In October Google announced a feature called Advanced Protection, a security setting designed to offer its strongest protection yet against any hackers who would try to break into your Google account and access your email, documents, calendar, and every other piece of sensitive information you entrust to Google’s servers. It’s probably the most secure authentication implemented by any tech firm for any online software, and, short of hosting everything on your own network and paying a team of security engineers to guard it, Advanced Protection is the best option out there.

But it’s certainly not the easiest. Unlike some other security settings Google offers, Advanced Protection can’t be turned on with a mere flip of a switch. The security-to-convenience ratio is almost certainly higher than you're used to. But if you need to keep your secrets actually secret—and suspect someone might be after them—it's your best mainstream bet. Here's how it works in practice.

The Setup Takes Work...

To turn on Advanced Protection, you first need to own two tiny devices that you’ll have to keep with you at all times—or at least any time you want to log into your Google account from a new device. You'll connect those so-called universal two-factor (U2F) security tokens to your computer or smartphone to prove your identity after entering your password.

Advanced Protection requires one USB-based key for desktop computers and one Bluetooth key fob for smartphones or other devices without a USB port. Together they represent the fundamental security premise of Advanced Protection: that no one can log into your account without one of those two physical devices in their possession.

Google recommends you buy keys from a company called Feitian, like this $17 USB model and this $24.99 Bluetooth version. But Google Advanced Protection will work with any U2F keys from any manufacturer, as long as it's approved by the FIDO Alliance, an online authentication standards group.

After you’ve got your hands on those hardware tokens, click here, and Google will walk you through a series of instructions that first ask you to enter your password, then register each physical key.

To do so, you’ll insert the USB key, then plug the Bluetooth token into the USB port with a cord. Once you’ve set up the second key and enabled Advanced Protection, you’ll be automatically logged out of your Google services on every computer other than the one you’re currently using. To log back in to any of those machines—your smartphone, first of all—you’ll need to connect those tokens, either by inserting the USB token or pairing the Bluetooth token and pressing its button.

On an iPhone, that Bluetooth connection requires installing Google’s password manager, Smart Lock, which then handles the phone’s wireless authentication with the key. Android devices have Smart Lock built in. In WIRED’s tests, the iOS radio handshake could be finicky and unreliable. In one case, it required more than a dozen tries before it successfully connected and unlocked a Gmail account from mobile. Luckily, you only have to authenticate to any device you own once; from there, you can choose to designate it as yours and skip the two-step log-in process going forward.

...But It Gets the Job Done

Advanced Protection demands sacrifices beyond mere setup hurdles. It only works with Chrome. It doesn’t allow non-Google apps to access Google accounts, so you won’t be able to use plug-ins that access your Gmail messages or export your Gmail to another client. And perhaps most daunting: If you lose both your hardware tokens and need to log in again, you’re in trouble. Advanced Protection demands a much more rigorous account recovery process than normal accounts do—starting with a 3–5 day “cooling off” period that locks you out of your account.

But those draconian measures serve a purpose. They make phishing far more difficult, and would even have prevented the kind of sophisticated phishing scheme that used a Google Doc to trick users into installing a malicious third-party application last May. And making it hard and slow to recover your account by pleading for help from Google’s help desk just means hackers will have a hard, slow time attempting an end-run around Advanced Protection.

Even so, it’s important to remember that you won’t be protected from Google itself seeing your information—or anyone who manages to breach Google’s servers, or hands the company a legal demand to cough up your data. If that worries you, you’ll still need to use encryption—namely PGP, since newer and easier solutions like Enigmail and Mailvelope aren’t compatible with Advance Protection.

The result of all of those inconveniences, however, is that anyone trying to break into an account secured by Advanced Protection is going to have a serious hill to climb—one steeper, we hope, than the learning curve you’ll face setting it up and using it yourself.