October is Cybersecurity Awareness Month and Google is celebrating with a pair of security-minded updates: an upgrade to the Security Checkup feature and all-new predictive phishing protections available for the Chrome browser.
Meet your revamped Security Checkup
Available at myaccount.google.com/security-checkup, this feature has been redesigned and updated with personalized guidance to help folks strengthen their account security.
After logging in, the new Security Checkup provides a clear status of the various features of your account in the form of green, yellow and red icons. As you might have guessed already, a red icon indicates there’s at least one issue for you to take care of.
“The checkup is now your personal security advisor—a useful sidekick that makes it really easy to keep your account secure,” says the company.
New phishing protections in Chrome
Chrome now supports predictive phishing protection.
If you try to enter your Google credentials into a suspected phishing page, Chrome will put up a clear warning telling you that the website may have just stolen your password. “You could lose access to your Google Account or experience identity theft,” reads the prompt. “Chrome recommends changing your password now”.
Safe Browsing has always scanned the web for these dangerous sites. But, if a phishing site is created and used for attack moments later, even the quickest scanners can’t warn people fast enough. From our years of experience detecting phishing sites, Safe Browsing’s insights can now enable us to make predictions about risks in real time.
The company adds that predictive protections will apply even if you use a different browser after typing your Google account password into a suspected phishing site. In the future, any passwords saved in Chrome’s password manager will benefit from predictive phishing protection, not just Google ones.
Furthermore, Google will soon let apps and browsers that use Safe Browsing technology take advantage of Chrome’s new phishing protections, including Safari, Firefox and Snapchat.
Lastly, the search company is introducing a new Advanced Protection Program for a minority of its users that are at particularly high risk of targeted online attacks, like campaign staffers, journalists or people in abusive relationships.
This basically requires the use of Security Keys to sign into your Google account.
Using public-key cryptography and digital signatures, Security Keys are small USB or wireless devices that offer the most secure version of 2-step verification. If you’re enrolled in the Advanced Protection Program, an attacker who doesn’t have your Security Key is automatically blocked, even if they have your password.
The feature automatically limits full access to your Gmail and Drive to specific apps and introduces new steps during the account recovery process as another added layer of security.
Anyone with a personal Google Account can enroll in Advanced Protection, but you’ll need Chrome to sign up because Google’s browser supports the U2F standard for Security Keys.
“We expect other browsers to incorporate this soon,” Google said.