Internet users targeted by spies, hackers and government assassins can now use hardware security keys in Android and Apple iOS smartphones to securely access Google services after the online giant tweaked its Advanced Protection Program.
Google's Advanced Protection Program was introduced in October 2017 and is a free service aimed at especially exposed users such as journalists, activists, and business leaders whose personal accounts may be subject to phishing attacks.
It utilises hardware security keys to protect against unauthorised account access, replacing two-step verification via short messaging service texts and Google Authenticator.
Using hardware security keys solely for account access is a very effective way to stop phishing attacks completely, a study published by Google in May last year showed.
Despite the robust security provided by the keys, users have found them difficult and expensive to obtain, Google recognised.
Keeping track of a main hardware security key and a backup one is a burden for users, and Google's product manager for APP acknowledged that "we haven't made it easy enough to enrol [in the program]".
Google has now simplified APP by adding support for hardware security keys built into Android and Apple iPhone handsets, obviating the need to carry and keep track of additional access control devices.
Enrolling in APP with a recent smartphone running iOS 10,0 or higher requires users to first sign in to the Google Smart Lock app to activate the iPhone security key.
After the security key activation in Smart Lock is done, users can enrol in APP by visiting g.co/advancedprotection.
Android users can simply visit the above website and activate and enrol in APP with one click.
In both cases, Google's Chrome web browser has to be used. Other browsers are not supported for APP enrolment.
After enrolling in APP, Google strongly recommends that users register a backup security key for their accounts and keep it in a safe place in case they lose their phones, to avoid being locked out of services.