Google USB Security Keys Free for Many

John Lister's picture

Google is giving free USB security keys to around 10,000 users whose accounts are at particular risk. They include politicians and human rights activists.

The move follows a targeted campaign linked to Russian hackers to try to trick such users into revealing their passwords. The attackers could then not only look for sensitive information in email archives but also use the hijacked accounts to spread misinformation.

The USB keys use the two-factor authentication approach, adding an extra level of protection, meaning that simply getting somebody's password wasn't necessarily enough to get access to their account.

Russia Blamed for Phishing Campaign

Once activated by the user, the set-up means that in specific scenarios (such as using a new device to log in or accessing from an unusual location), the password only works when the USB key is inserted into the computer. Simply having the USB key doesn't work without the password, though it theoretically could be used by an attacker who gained physical access to an unlocked or unprotected device on which the user had stored their Google password.

Google has recently warned around 14,000 users of an attempt to breach their accounts by Russian hacking group APT28. It called the group "government-backed" but stressed it was a case of a targeted attempt rather than a successful breach.

How Google knows about the targeted attack isn't public knowledge. It says it "can't reveal what tipped us off because the attackers will take note and change their tactics." (Source:

Political Campaigns Educated

The security keys normally cost around $40. The free distribution is part of Google's Advanced Protection Program, designed for people at particular risk of targeted rather than general hacking attacks. These include "elected officials, political campaigns, human rights activists and journalists."

In the US, Google is working with a nonprofit called Defending Digital Campaigns. It says that by next year's elections it will have provided cyber security training to campaign staff in all 50 states on a bipartisan basis. (Source:

What's Your Opinion?

Is Google right to consider these groups at higher risk? Should it offer different protection to different people or concentrate on improving security for everyone? Could these USB keys create a false sense of security?

Rate this article: 
Average: 5 (8 votes)


russoule's picture

$40 for a USB Key? isn't that a little extreme? the device itself can be purchased for a pittance. can the programing be that difficult to do?

why not just purchase a $2 flashdrive or find an old one in your desk drawer,and load a program into the computer? you can use this site as a roadmap :

Google really isn't doing anything special and based on reports of its sharing with various governments, would these "special" users really want to expose their systems to a device issued by Google?