I see enormous appeal in Google’s new advanced protection system for accounts. It requires a physical token to access your account, adds further screening of attachments, and has a much tougher account recovery process for anybody who legitimately loses access to their own account. It augments the security provided by their two-factor smartphone app by reducing the risk of someone using an attack against your phone as a way to steal the second factor.
Two problems are keeping me from signing up right away. First, it requires that you buy a Bluetooth token as well as a USB token. I much prefer to avoid wireless communications if possible, and I don’t want a delicate device that needs regular battery charging to carry around. The two tokens together cost about $50, and as an extra pain the Bluetooth token seems to be a pair to order via Amazon in Canada. Second, it forces you to access your account through Google’s Chrome browser, which seems unnecessarily restrictive and monopolistic.
