Google has extended its Advanced Protection Program for account security to the iPhone platform. The program is aimed at those who are most targeted by cybercriminals: members of political campaign teams, journalists, activists, executives, employees in regulated industries such as finance or government, and others. It has also made the program simpler for Android users to sign up for.

The idea is to add another log-in factor to the sign-in process for Google accounts – one that can’t be intercepted by a phisher. Specifically, the Advanced Protection Program uses security keys, which make use of public-key cryptography to verify a user’s identity and the URL of the login page. These can either be a physical security key or a smartphone’s built-in security key. In the case of iPhone, those running iOS 10.0+ with the Google Smart Lock app installed can enroll in the program.

“Unlike other two-factor authentication (2FA) methods that try to verify your sign-in, security keys are built with FIDO standards,” explained Christiaan Brand, product manager at Google Cloud, and Kaiyu Yan, Google software engineer, in a posting on Wednesday.

In the FIDO framework, authentication is done by the client device, which must prove that it has in its physical possession a private key to a given service. To prove this, the client’s private keys can be used only after they are unlocked locally on the device by the user. The local unlock is accomplished by swiping a finger, entering a PIN, speaking into a…
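The proof of possession and login-URL check described above, as an added example that is not from the article or from Google: a simplified Node.js model in which the key signs the server's challenge together with the origin the browser actually saw, and the server verifies both. The origins, function names and the flat JSON message are assumptions; real WebAuthn signs authenticator data plus a hash of the client data.

```javascript
// Simplified model of a FIDO sign-in check (constructed example, hypothetical names).
const nodeCrypto = require("node:crypto");

// Registration: the security key creates a key pair; the service stores only the public key.
function registerKey() {
  return nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
}

// Client side: the browser records the origin it is really on, and the key
// signs that origin together with the server's one-time challenge.
function signAssertion(privateKey, challenge, browserOrigin) {
  const clientData = Buffer.from(JSON.stringify({ challenge, origin: browserOrigin }));
  return { clientData, signature: nodeCrypto.sign("sha256", clientData, privateKey) };
}

// Server side: check the signature first, then the challenge and origin it covers.
function verifyAssertion(publicKey, expectedChallenge, expectedOrigin, assertion) {
  const sigOk = nodeCrypto.verify("sha256", assertion.clientData, publicKey, assertion.signature);
  if (!sigOk) return "bad-signature";
  const data = JSON.parse(assertion.clientData.toString());
  if (data.challenge !== expectedChallenge) return "stale-challenge";
  if (data.origin !== expectedOrigin) return "wrong-origin";
  return "ok";
}

function demo() {
  const ORIGIN = "https://accounts.example";         // constructed: the real login origin
  const LOOKALIKE = "https://accounts-example.test"; // constructed: a look-alike page
  const { publicKey, privateKey } = registerKey();
  const challenge = nodeCrypto.randomBytes(32).toString("hex");

  const genuine = signAssertion(privateKey, challenge, ORIGIN);
  // Signed while the user was on the look-alike page: the signature covers that origin.
  const relayed = signAssertion(privateKey, challenge, LOOKALIKE);
  // Same signature, but the client data swapped to claim the real origin.
  const tampered = { clientData: genuine.clientData, signature: relayed.signature };
  const nextChallenge = nodeCrypto.randomBytes(32).toString("hex");

  return {
    genuine: verifyAssertion(publicKey, challenge, ORIGIN, genuine),
    relayed: verifyAssertion(publicKey, challenge, ORIGIN, relayed),
    tampered: verifyAssertion(publicKey, challenge, ORIGIN, tampered),
    replayed: verifyAssertion(publicKey, nextChallenge, ORIGIN, genuine),
  };
}
```

A response produced on any other origin fails at the server even though the user unlocked the key, which is the property a typed or texted one-time code does not have.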
