Commentary

The Gmail Wall: Google Debuts Two-Step Verification Product

Google introduced a new email security product on Tuesday. But instead of being aimed at billions of people, Advanced Protection is designed for a special few — political campaign staffers, journalists protecting their sources and people in abusive relationships, writes Dario Salice, advanced protection product manager for Google, in a blog post.  

And now observers are wondering whether this product could have altered political history.

“If this security had existed a year ago, it could have stopped the hack of Hillary's campaign — in theory.” Christina Bonnington writes in an article on Slate.

According to Salice, Advanced Protection consists of three main features.

For one, access can only be gained with Security Keys — small USB or wireless devices. These use public-key cryptography and digital signatures to prove that you are the real email account holder: the attacker can’t get by them even if he has your password, Salice states. Call it a form of two-step verification.

advertisement

advertisement

The product also protects your data from accidental sharing. At present, this can be done only using Google Apps, but this capability will be expanded, Salice says.  

Finally, Advanced Protection will also keep hackers from accessing accounts by pretending they are the account holder and have been locked out.

How would this have protected the Clinton campaign’s from being hacked?

If you recall, an IT person was forwarded a phishing email received by campaign manager John Podesta. He accidentally said it was “a legitimate email,” instead of “not a legitimate email,” and “the rest is history,” Bonnington writes.

Presumably, the hackers would not have been able to get in if Advanced Protection had been place.

However, Bonnington argues that “Advanced Protection is not without a fatal flaw: Like two-factor authentication and other security measures, it’s opt-in. It’s up to the user to join the program and take advantage of its additional layers of security. As the saying goes, you can lead a horse to water, but you cannot make it drink.”

Um, we don't quite agree with that. Obstacles, however well intended, will only scare people away.

Security-minded Gmail users, even non-journalists, may embrace the new offering. But as countless surveys show, some consumers are not very concerned about email privacy.

Implement this universally, and Gmail may no longer be the world’s leading email service.

That aside, you have to admit that Google’s R&D department is prolific. For instance, Google is now testing a service that will expand the iOS Gmail app to non-Google email accounts, Samuel Axon reports on ArsTechnica.  

Want to sign up for the beta test?

Google gives “three criteria for eligibility,” Axon writes. They are that “you must currently be using the Gmail iOS app, you must have an email account that’s not Gmail with which to test it, and you must be running iOS 10 or later on your device.”

One final note on the Podesta hack: One of the first rules we learned in journalism was to avoid using  the word “not” in a sentence. It’s too easy to leave it out.

 

Next story loading loading..