Google's Good Deed

This newsletter — Ok, my conceptual identity* — hasn’t been kind to Google and other platform companies and tends to not want to give the companies the benefit of the doubt when they announce advances in security. (Facebook moving towards end-to-end encryption as a business strategy still has been scratching the noggin.)

One complaint I’ve had (and voiced) is hat Google, Facebook and Twitter still make it hard for you to really and truly, with a few simple clicks, meaningfully make your accounts more secure. You’ve still got to click on a lot of links and make a lot of small choices and figure out whether you want (for example) your YouTube browsing history to influence the ads you see on Instagram.

Well today, Google announced an initiative that, if a lot of people adopted it, would make virtually all gmail accounts much less susceptible to spear-phishing attempts. Starting today, anyone can enroll in Google’s advanced protection program, which they had heretofore offered only to “high risk” folks, like politicians and campaign workers and celebrities.

In essence, it allows you to easily enable two-factor authentication for your Google Account, AND Google monitors efforts to break into your accounts. I still use a key for two-factor authentication, because keys are the safest way, but it is true that, for some, keeping a physical security token or a key isn’t convenient.

The upside: it took me less than one minute to enable this protection.

The downside: it only works on Chrome.

This is important. Campaign workers, journalists, election officials, and anyone else should consider accepting Google’s invitation. It will help secure the digital commons.

A few short items:

  • We are product-agnostic here at the newsletter.** 1Password’s two-factor authentication protocols are also good to use, if you use that app as a password manager.

*Newsletters can’t speak. Humans can.

** The royal “we” is actually just one person. Me.