Bluink Blog

Get the strongest security with Google’s Advanced Protection and Bluink Key

Posted by Alex Longval · 1090 words, and it’s got 0 comments for now.

On October 17, Google introduced its Advanced Protection Program to secure the Google accounts of high risk individuals. A main feature of Advanced Protection is the use of FIDO U2F Security Keys, which provide the strongest form of two-factor authentication (2FA). Bluink Key is a certified FIDO U2F Security Key, but it’s also so much more. Bluink Key combines FIDO U2F, one time passwords (OTP), and secure password management into a single app on your smartphone. Add in biometric reauthentication and you have the James Bond of security solutions in your pocket! If Advanced Protection is something you’re interested in, Bluink Key is for you.

 

What does Google’s Advanced Protection Program do?

 

Currently, Google’s Advanced Protection Program does three things.

 

1. Enables FIDO U2F authentication

Whenever you log in to a new computer or mobile device, you must type your username and password and press a button on your registered FIDO U2F Security Key. This increases your access security by requiring something you know (username and password) and something you possess (Security Key). Hackers may get your username and password with phishing, man-in-the-middle, or brute-force attacks, but without physical possession of your Security Key, they can’t access your account.

Other 2FA options include SMS text and OTP codes. SMS 2FA isn’t secure because hackers can intercept text messages to get the code and use it you. OTP 2FA is more secure than SMS, but it’s also vulnerable to phishing. Here’s a phishing example.

You click on a link to a fake (yet convincing) Amazon website.

You type your username, password, and 2FA code into the fake Amazon website.

The fake Amazon website steals your username, password, and 2FA code.

A hacker uses your stolen username, password, and 2FA code to sign in to the real Amazon website.

FIDO U2F doesn’t involve any manual code entry, which means it isn’t susceptible to phishing, man-in-the-middle, or brute-force attacks. That’s why it’s considered the strongest form of 2FA.

Google’s Advanced Protection Program requires two FIDO U2F Security Keys: a USB Security Key (e.g., Bluink Key) and a Bluetooth Security Key (e.g., Feitian MultiPass).

 

2. Limits data access to trusted apps (only Google apps for now)

Third-party apps (including Apple Mail, Contacts, and Calendar) won’t be able to access Gmail or Google Drive data. All Google services on the web will only be accessible through Google Chrome. Google expects that it will expand the trusted apps that will have access to Google data in the future.

 

3. Increases identity verification requirements for access restoration

In the event that you lose access to your account and your Security Keys, restoring access will require extra identity verification steps and take a few days to complete.

 

How does Bluink Key help?

 

The Bluink Key USB device can serve as the FIDO U2F Security Key in Google’s Advanced Protection Program. However, Bluink Key can also provide additional security features to secure all your other accounts.

 

One time passwords

We recommend using FIDO U2F authentication wherever possible. Unfortunately, not all services are compatible with FIDO U2F. Some services like Amazon, Apple, and Slack are only compatible with OTP and SMS 2FA. In cases like these, always opt for OTP. Bluink Key provides both FIDO U2F and OTP so you always have the best 2FA available.

 

Secure password management offline on the smartphone

Most password managers store usernames and passwords (login credentials) online in the cloud. This creates a huge target for hackers. Bluink Key encrypts your login credentials on your smartphone so you’re always in full control of your sensitive information. You can autofill login credentials onto your computer through the Bluink Key USB device, check the strength of your passwords, and generate strong random passwords. All of this and more is done right from your smartphone.

 

Biometric reauthentication

Biometric reauthentication lets you add extra security requirements (e.g., fingerprint scan) to access and use specific login credentials within the Bluink Key smartphone app. This ensures that your most sensitive accounts like online banking and email have the protection they need.

 

What about organizations?

 

Currently, Google’s Advanced Protection Program is only available for consumers. Bluink Key Enterprise is the way to go if you’re looking for an identity and access management solution for your organization. Bluink Key Enterprise lets employees easily and securely access computers, applications, and systems using their smartphones.

 

Bluink Key Enterprise has all the features and benefits provided by Bluink Key plus:

  • Central access management for IT admins
  • Shared credentials
  • Audit trails
  • Instant deprovisioning
  • Per-user and per-credential authentication policies
    • Geofencing
    • Automatic password changes
    • Password randomization
    • Biometric reauthentication
  • No client-side software required

 

Who should use Advanced Protection and Bluink Key?

 

Google’s Advanced Protection Program isn’t for everyone. With the added security comes a loss of convenience. Individuals like business leaders, journalists, and other public figures should use Advanced Protection to secure their accounts due to their high visibility, control, and influence. If you think you need Advanced Protection to secure your Google account, you should look into Bluink Key to also secure your other accounts. One vulnerable account is often all a hacker needs to breach other accounts.

 

If you don’t think you need the extra security offered by Advanced Protection but still want to give your security a boost, check out Bluink Key. It gives you the flexibility to use the security features that fit your needs.

Resources: