How Good are "ADVANCED" Security Programs Anyways?
Every day there are multiple attempts to log into your email, your social media, and other online accounts, usually without you even knowing about it. In the past month, I’ve logged 973 attempts to hack the All Things Secured website. Strong passwords are good and some form of two-factor authentication is highly recommended. But what about these advanced account protection options that we’ve been hearing about today? I want to explore four of the biggest advanced protection programs, what benefits they provide us and whether or not you and I should even enroll in them. This video is being sponsored
by Trend Micro More on them in a moment. The four account protection programs that we’re going to be looking at are from Facebook, Google, Apple, and then I’m even including the most recent one, Sentinel from Proton. So each of these programs looks a little bit different. Facebook Protect is a great example. Facebook Protect is something that they introduced maybe about a year ago. I’ve already done a video on that, and this is something that’s interesting because it is invitation only. That means that if you’ve never heard about Facebook Protect before, you likely aren’t able to
enroll in it anyway. You would’ve received an invitation, and if you are invited, you don’t even have an option whether or not to join, you have to or else you’ll get
have to set up a 2FA key. This is not optional, but it’s also something that you should do with or without Facebook Protect. If Facebook Protect is an option for you, you probably should have already received an email about it, but if not, you can just go into your meta account, the settings, privacy and security, and you’ll see the option right there. Once you turn it on, it can’t be turned off. It is a permanent setting. Next is Google’s Advanced Protection Program, which has been around for a little while, and you’ve probably heard about it
before. There’s a lot that it has in common with Facebook Protect and that it does also include stricter protections for suspicious logins as well as the requirement that you have a two key to protect your account. The difference here is that Google also gives you what they call enhanced safe browsing for Chrome, which just protects you against phishing and malicious websites. This is something that if you’re using Chrome, sure, maybe that’s helpful. I advise against using Chrome, but if you’re using Brave or Firefox or Libra Wolf, all of that is kind of default out of
the box anyway. What’s important to note is that Google Advanced Protection does not give you any additional encryption on the data that you store or transmit through Google, and that’s important as we move and talk about Apple in just a moment. But first, since we’re on the subject of protecting all of our accounts, why not go that extra step and protect all of the devices that you have with Trend Micro’s Premium Security Suite, you can monitor protect up to 10 devices including a PC, a Mac, mobile devices like your iOS and Android. You can get
wifi protection whenever you’re on public wifi. You can get dark web monitoring. You can even have a password manager if you don’t already use one of those. All of this allows me to know that even if I did hit a malicious website or fall for some phishing scam, I now have the protections and monitoring in place to take care of that on a device level. You can learn more about Trend Micro’s Premium Security Suite in the link in the description below, and also use the code ATS10 to get 10% off the checkout. So a moment
ago I referenced the fact that Google’s Advanced Protection does not add any additional encryption to any of the data that you store with Google, and that’s really what makes it different than Apple’s Advanced Data Protection Program. So this is something that, again, I’ve talked about this in a video before that you can watch how exactly to turn that on if you want to, but what this does is it really encrypts. It adds end-to-end encryption to most of the data that you store in your iCloud account. There are a few things that they don’t encrypt by
necessity, but most everything, including your photos, including everything that you store documents, all of that stuff is encrypted and Apple’s iCloud, which means that they can’t access it even if they wanted to. The thing about any kind of end-to-end encryption though is that now the keys solely belong to you, and Apple goes through great pains to make sure that you understand that and have protection set up. So they require you to do a recovery contact. They require you to have multiple recovery keys because they don’t want to be responsible if you lose access to all
of this data, because as I said before, when it’s end-to-end encrypted, they can’t access it for you. They can’t do a reset password like Google can. The only thing worth noting here is that all of the devices that are connected to that iCloud account have to be updated to at least iOS 16.2, iPad 16.2, or Mac OSS Ventura. If there is any of your old devices, you either have to remove them from the account or upgrade them in order to get that advanced data protection. It can also easily be turned on and off. So if
it’s something that you don’t like using, I don’t know why, but if it isn’t, you can easily turn it off. The last one I want to talk about here is a program called Sentinel by Proton. And if you’ve never heard of it before, don’t worry, it was just released in August of 2023. And what it does is it adds even greater protections for those people who are using Proton to log into email, V P n calendar, all of the different products that Proton offers. Now, Sentinel does not add any additional end-to-end encryption because, well, everything
you’re doing on Proton is already end-to-end encrypted, so there’s no need for that. What Sentinel does do is it adds stricter challenges for people that are logging in. Any suspicious logins will be flagged by an automated process and then reviewed by a human that’s not specifically mentioned for let’s say Google or Facebook, whether they do have humans that are reviewing a lot of these suspicious logins. But proton explicitly states that after an automated flagging, it will be reviewed by their security analyst who will determine whether or not this suspicious login should be allowed in. The
second part of the Sentinel program is a detailed security log. Now, if you’ve been listening to VPN marketing for any amount of time, you’ve probably have red alarm bells going off. Why in the world would we want logs? We want no logs, no logs ever. But the truth is, is that if you are running out a family account or you’re, especially if you’re running a small business account using proton, the ability to log and get a detailed audit of who’s logging in, what IP address, if they change their password, all of that, that can be
incredibly valuable for your security just to be able to monitor that and know if things need to be changed. Sentinel is an easy setting to go and turn on, but it’s only available to those people who are paid users of any proton account. So if you don’t see it, that might be the reason why. Okay, time for my soapbox here. You want to know the three companies that aren’t present on this list. That should be YouTube, Twitter, and LinkedIn. What’s the deal? YouTube has had a problem for over a year now with accounts, major accounts,
channels with millions of followers that have been taken over because they do not have a stricter form of just monitoring and protecting accounts from logins that come from different devices or different IP addresses, all of this stuff. And so because of that, all of these accounts have been taken over. And just because you have Google Advanced Protection Program turned on, I’ve realized that does not help much for your YouTube account. So YouTube has got to get something set in place. Twitter only allows you to use certain forms of 2FA if you’re a Twitter blue subscriber,
which is kind of ridiculous if you think about it. And the only kind of advanced protection they have is a password reset protection, which really honestly isn’t even worth mentioning. Finally, LinkedIn is almost the worst of them all because they don’t even allow for a security key even if you wanted to. So if you’re a LinkedIn influencer, that’d be something that I would be worried about is why in the world is LinkedIn a company owned by Microsoft, why are they not allowing for the strongest form of security and then not giving us any additional account
protection, like an advanced account protection for LinkedIn? So what can we learn here? The fact is that advanced account protections are usually marketed to those people who are journalists, activists, politicians, and those who may need additional security measures. So in other words, not us common people, but that isn’t necessarily true. Alright, first of all, if you need greater security, you need to set up a security key. One of the themes you’ve probably seen through all of these advanced protection programs is that they all require you to set up a 2FA key, not just any form
of 2FA, but specifically a 2FA security key. That’s something that you can do for most of your accounts. LinkedIn excluded, and you will add that stronger protection for your login. Second, if you’re wondering why these type of protections aren’t just default across the board, I’ll explain why. It’s because most of the time these companies value your customer experience over adding extra security. So when you log in, they want you to have that good experience of putting in your password, maybe doing a quick 2FA thing, and then logging straight in. Those times when you have to
do the extra capture or you have to plug in your key multiple times or anything like that, that adds friction to our experience of logging in. And generally we don’t like it as users, even though it is stronger security. So one of the things that you need to walk away from this is just a greater tolerance for these additional checks. I don’t mind if YouTube asks me to authenticate every single time I log into my YouTube account if that means that my YouTube account is safer and not going to get taken over by some malicious
actor. And point number three, for the amount of time that I’ve been enrolled in all of these advanced protection programs, there have been very few downsides. As a matter of fact, I don’t even know if I could come up with a downside off the top of my head. There is no good reason for us not to do it, even though it’s only marketed to these specific high threat profile people. So what do you think? Which advanced Protection programs have you already enrolled in and which companies would you like to see implement that kind of program?
Leave a comment below and make sure to visit Trend Micro and see more about their premium security suite and get 10% off using the code ATS10. See you next week.
