Protecting high risk users with Advanced Protection

Company Google
Role Senior Interaction Designer
Year 2020-2023

Advanced Protection is Google's strongest security program, built to protect users at highest risk of targeted attacks – such as journalists, politicians, and activists – particularly during critical elections.

How does it work?

1. When signing in

Users were required to use a physical security key to sign in to their account, the strongest form of authentication and the only one proven to be completely resistant to phishing attacks.

2. While using your account

Additional layers of protection would be applied on the user's behalf, limiting third-party access to their data and blocking most downloads.

Advanced Protection Program overview

An extremely high barrier to entry

The requirement of 2 security keys to enroll in Advanced Protection resulted in a low number of organically enrolled users. To grow the user base, Advanced Protection relied on partnership programs (e.g. Defending Digital Campaigns) to fund and distribute security keys to specific populations.

A History in Advanced Protection's Enrollment

2019 | "Instant" enrollment

The team's first attempt at lowering the barrier to entry was to offer eligible users a 14-day trial of Advanced Protection without a security key, giving users 2 weeks to purchase and set up a physical key.

Seems simple, right?

Wrong. 97% of users dropped out from the 14-day trial, and only a very small percentage of them actually re-enrolled later with security keys.

This version was deprecated in early 2020.

Advanced Protection instant enrollment flow from 2019

January 2020 | "One-click" enrollment

In January of 2020, six months after joining the team, I launched the "one-click" enrollment flow, providing users with the ability to enroll with a new phone-based "built-in" security key we simultaneously launched natively on Android and via the redesigned "Smart Lock" app on iOS.

One-click enrollment flow Google Smart Lock app

Enrollments increased by 12x just 2 weeks post-launch, and we finally surpassed a long-awaited 50k enrollment threshold with 60k enrollments 1 month post-launch.

However, shortly after launch, we found that 72% of our newly enrolled users were getting locked out of their accounts.

We paused this enrollment flow 3 months later and ultimately deprecated it.

Sundar Pichai tweet about Advanced Protection and enrollment chart showing launch spike

A revised goal

After two unsuccessful attempts at increasing our user base, I went back to the drawing board and proposed a controversial new approach to Advanced Protection's enrollment – one without a security key requirement.

Lower Advanced Protection's high barrier to entry to sustainably increase enrollment rates, allowing Google to protect more users.

A guided enrollment

Working closely with my engineers to ensure we maintained a high level of security, I came up with a new proposal – a step-by-step, flexible enrollment journey allowing users to leverage non-security key authentication methods like Google Authenticator, which were more commonly used.

We'd also introduce a new, but more obtainable, requirement of adding both a recovery email and phone number to relieve lockout concerns.

The Advanced Protection Program guided enrollment flow showing recovery email step

A win-win scenario

To streamline the onboarding experience, any existing authentication methods (including their recovery email and phone number) would be automatically filled in for the user, allowing them to skip ahead whenever possible.

This design also improved security incrementally. Each step strengthened the user's account, so even if they dropped off before enrolling, their account would still be safer than when they started.

Enrollment flow showing auto-filled recovery options and security key recommendation

A final review

The last step before turning on Advanced Protection would be a quick review of additional changes to a user's account once enrolled, such as limiting account access on untrusted apps and, for security purposes, signing users out of some devices that haven't had any recent activity.

Final review step showing app access changes before turning on Advanced Protection

Clear confirmation and navigation to program settings

Once enrolled, users land on a new Advanced Protection settings page where they can review the program's benefits and manage their enrollment.

I also introduced a branded progress indicator inspired by the program's new logo, including a blue arch over Google's signature shield, emphasizing Advanced Protection as an extra layer of security. These details reinforced a cohesive account security narrative throughout the experience.

Enrollment confirmation and Advanced Protection settings page

Leveraging existing security tools to further improve a user's security

Since security keys would no longer be a requirement, this solution would personalize the user's security experience by using the Security Checkup to recommend security keys to new users who didn't enroll with one.

We'd also leverage the Security Checkup to recommend enrolling into the program for users identified as higher risk. These users would see this recommendation either directly on the settings page at the Advanced Protection toggle, or in their advice cards in the checkup.

Security Checkup showing Advanced Protection recommendation Extra security recommendations

Project outcomes

1. After obtaining alignment with my product management and engineering partners, we brought the proposal to the Google Account Security team's cross-functional senior leadership. The concept was approved – a groundbreaking accomplishment given that it went against the program's initial mission to provide unphishable protection to users.

2. While the full proposal was postponed due to resourcing, core principles I championed, like flexible enrollment, recovery requirements, and personalized security recommendations, became foundational to how Google approaches account security today. The 2025 launch of passkey-based enrollment validated my thesis: lower the barrier without compromising protection.

3. My journey in account security has taught me that we need to meet users where they are when trying to encourage their adoption of powerful and intimidating technology.
