Obi and Google's Advanced Protection Program

Started by rikev, November 01, 2017, 08:27:14 AM


rikev

I've read about Google's new "Advanced Protection Program", which states that non-Google apps/programs will be blocked from accessing your Google account...

Will opting into this program interfere with the Obi's ability to connect to the account and its associated Google Voice service?

https://support.google.com/accounts/answer/7519408?hl=en

SteveInWA

No, it won't interfere with OBi use.  I've been using Yubikeys and FIDO 2-factor authentication for several years.  It's a great idea.

rikev

This is a new offering that was just released a week ago...
I too have used Google 2FA with Yubikey and Obi without issue, but this is a new super-secure program that disables all alternative (non-FIDO) authentication methods such as SMS and TOTP, as well as supposedly blocking all 3rd party apps/connections.
I'd like to hear from someone who's actually signed up for this new program and their experience.

SteveInWA

Yes, I signed up for it today, after receiving a note from Google.  As part of the process of setting it up, it will log out of all computers and devices that are using your Google Voice account.  This temporarily kills the Google Voice connection on OBi devices.

All you need to do after enrolling in Advanced Protection is to go to your OBiTALK dashboard, look at the list of SPs for your OBi, and you'll see that the Google Voice SP has failed with an authentication error.  Click the SP, then on the SP page, click the link to re-authorize your OBi device.  If you have multiple OBi devices, you will need to do this for each device.  This is a one-time re-authorization (it does not impact ongoing use of the device).

Note:  if you are using Obihai's Google contacts import function (either via the optional OBiEXTRAs program or on an OBi IP phone), this will kill the ability to import contacts.  You can restore this function by clicking the button to import your contacts again, and then re-authorizing it.

See the screenshot attached.

SteveInWA

After completing this process, you can sign into your Google account on your computer, and go to the "My Account" web page to confirm that only the two OBiTALK functions have permission to access their limited information.

https://myaccount.google.com/permissions

See the screenshot below.


SteveInWA

If you're an Android user, I recommend getting the Yubikey NEO NFC key.  It's expensive, but it includes FIDO support along with support for the excellent password manager Lastpass, and it has NFC, which works with Android phones that have NFC support.

Just touch your paw on the gold sensor, and you are authenticated!

rikev

Thanks for the suggestion.
I went with the FeiTian ePass NFC instead. Much cheaper than Yubikey Neo, and I'm on Android so don't need Bluetooth. I do use LastPass, which does not yet support pure U2F keys, but I suspect support is coming pretty soon, so I will wait for that.