In order to secure the accounts of high-risk users from targeted attacks, Google offers its Advanced Protection Program. The Advanced Protection allows only Google apps and a handful of third-party apps to access your emails and Drive files by adding extra steps to verify your identity during account recovery.
In order to enroll yourself in Advanced Protection, you’ll need to purchase two security keys and register them to your Google Account. You can also register yourself to Advanced Protection using your phone’s built-in security key on Android and iOS.
What do you need to activate Google Advanced Protection
Google offers its top-of-the-line security system to defend against account hacking, phishing, and hackers from impersonating you. This system, however, requires the following things:
- Physical security keys or a phone with a built-in security key
- If using an Android phone as your primary key, ensure it’s running on Android 7.0 or higher
- Advanced Protection is also supported on iPhones running iOS 10.0 or later
- Enable 2-Step Verification on your Google account before enrolling on Google Advanced Protection
Where can you buy security keys for Advanced Protection
Google needs you to add two keys to use with Advanced Protection – a primary key that connects to both phones and computers; and a backup key that only connects to computers through a USB.
- Google Titan Security Key Bundle: Engineered by Google itself, the Titan Security Key is built on FIDO open standards and works on both USB and Bluetooth connected devices.
- YubiKey 5 NFC Security Key: Google also recommends the YubiKey 5 NFC by Yubico which is FIDO certified and can be inserted into a USB-A port or connected using NFC.
- Yubico FIDO U2F and FIDO2 Certified Security Key: Also made by Yubico, this key is compatible with any FIDO-compliant application on Windows, Mac OS or Linux and supports FIDO2 and FIDO U2F protocols.
- Yubico YubiKey 5C: Compatible with laptops that have USB-C ports
- Any Android phone running Android 7 or higher can be used as a security key
- Any iPhone running iOS 10.0 or later
How to set up your phone as a security key
In order to enable Advanced Protection on your Google account, you need to let Google use your phone’s built-in security key. You can set this up by following the instructions below.
Step 1: Open the Google app on your Android phone.
Step 2: Tap on the More button (3-dot button) at the bottom right.
Step 3: Hit the down arrow next to your account name.
Step 4: Tap on Manage your Google Account.
You will be taken to a new page.
Step 5: Tap Get Started.
Step 6: Slide through the tabs at the top and select the Security tab.
Step 7: Tap on 2-Step Verification.
This will open up the default web browser on your Android phone.
Step 8: You might need to sign in to your Google account on the next page. Enter the password and tap on the Next button.
Step 9: After signing in, tap on Add Security Key under the Security Key (Default) section.
Step 10: Select your Android phone from the compatible list.
Step 11: Tap on Add.
You’ll now see a confirmation that your phone was added as a security key.
Step 12: Tap on the Done button at the bottom right.
That’s it! Your phone is now ready to be used as a security key for future logins on other devices.
Note: You can only have one built-in security key on your account. If you have more than one eligible phone, you’ll need to switch to an eligible phone that you use primarily.
How to enroll in Google’s Advanced Protection
Now that you’ve enabled your phone’s built-in security key to sign in to Google, your next step will be to enabled Google’s Advanced Protection for enhanced security.
Step 1: Open the Google Advanced Protection page on your device.
Step 2: Tap on the Next button.
Step 3: On the next page, enter your credentials and tap on the Next button.
You’ll now see that your newly registered Android device with a security key is listed on Google’s Advanced Protection page.
Step 4: Tap on Enroll.
You’ll be taken to a new page showing all the things you might need to take care of to make Advanced Protection work.
Step 5: Tap on Finish enrollment.
That’s it. Your account is now protected by Google’s Advanced Protection Program.
How to add a backup key
After enrolling inside Advanced Protection, you can add a backup key to your Google account by tapping I already have a key or opt to continue without one by tapping Add key later.
Note: Your Android or iOS smartphone cannot be used as a backup key as Google requires you to use physical keys to sign in to Google. You can also use two physical keys instead of using a combination of your phone as a primary key and a secondary physical key. You can get yourself a physical key from Google, Yubico, or any FIDO certified service.
Enabling Google Advanced Protection will also serve with a notification that says Your security key is ready.
How to use your phone’s built-in key to sign in to new devices
Step 1: Make sure you’ve Bluetooth and Locations services on your phone, and that it’s connected to the internet.
Step 2: Sign in to your Google account using a compatible browser. We tested the feature on Google Chrome or Brave and both browsers work perfectly.
Step 3: After you enter your credentials, your browser will ask you to turn on Bluetooth connection on the device you’re signing in. Tap on the Turn on button. (If you are using PC, make sure you connect a Bluetooth dongle to enable Bluetooth on your PC. Laptops have it built-in.)
Once this is done, your Android phone with the built-in key will prompt you with a new window that reads “Are you trying to sign in?”.
Step 4: You can now verify that it’s indeed you signing into your Google account by holding down the volume button.
Google will now connect your device.
Step 5: After verification, tap on Next to sign in to your Google account.
Additionally, you can enable Google to remember the device you just signed in to by checking the Don’t ask again on this computer box.
How to fix common problems with Advanced Protection
- Bluetooth key not connecting to Android device: Turn on Bluetooth and Location services for the time you’re signing in to your Google account using your security key.
- Cannot sign in to Android TV: On your Android TV, remove your Google account and add it again and choose signing in by setting up using a phone that’s on the same Wi-Fi network.
- Error 404: You might be signed in to multiple Google accounts. Select the account enabled with Advanced Protection.
- Not receiving sign-in prompt: Ensure that both the devices ( the one you’re signing in to and the one with a security key) are connected to the internet, Bluetooth is turned ON for both and the location is switched on phone with the built-in key.
Why can’t you sign in to some services?
As a trade-off for Google’s advanced security, some of your apps and services would not fully work. This is because many third-party apps require access to your Gmail or Google Drive and with Advanced Protection, those services will no longer have the required permission.
How do you resolve this?
The only way to make the affected apps and services working again is to de-activate Google’s Advanced Protection system. Unless you’re unenrolled from Advanced Protection, you will not be able to sign in to Google on the third-party services that you wish to use. You can unenroll from Advanced Protection by:
Step 1: Head over to Settings > Google and tapping Manage your Google account.
Step 2: On this page, move to the Security section by tapping the Menu tab at the bottom and selecting Security.
Step 3: Under the Advanced Protection Program section, tap on Unenroll, sign in using your Google account password, and tap Unenroll again.
You have now disabled Google’s Advanced Protection on your Google account. Now head over to the app you want to sign in with Google. After that, you can enable Advanced Protection again by following the guide from above.
Have you enrolled in Google’s Advanced Protection Program? How else do you keep your Google account protected? Let us know in the comments below.