Google Advanced Protection (GAP) and Trezor Password Manager

DISCLAIMER:

So this is a sort of "how to" and a WARNING to think this through and take preparatory steps BEFORE you activate Google Advanced Protection (GAP). I take no responsibility for the accuracy of this content or any damages you may incur by following this guide. I strongly suggest you first create and keep a backup of all important account passwords and means to retrieve access to your accounts should this process lock you out of your accounts. I have of course written this with my best intent to help you set this up properly first time.

INTRODUCTION:

1. Google have released a new form of account protection which is locked down by the use of TWO separate private security keys.
2. The security settings associated with GAP will by default prevent all non-Google 3rd party apps from accessing Google Apps, this is especially important for Chrome Extensions which are not provided by Google itself.
3. It is assumed that you are using Google Chrome as your browser.
4. For those of us who use the Trezor Password Manager and have it storing our encrypted password files on Google Drive this will be a problem. If you already use Dropbox for storing your Trezor password Manager encrypted password file then skip the following steps regarding GoogleDrive.

IMPORTANT PREPARATORY STEPS IF YOU CURRENTLY USE GOOGLE DRIVE TO STORE YOUR ENCRYPTED PASSWORD FILES:

1. If you intend to use Trezor Password Manager AND Google Advanced Protection and currently store your Trezor password Files on Google Drive then you need to switch over to storing your encrypted password files on Dropbox instead. This is necessary because GAP will not allow Trezor password manager to communicate with files on your GoogleDrive.
2. If you need to open a new Dropbox account then go ahead and do this at dropbox.com
3. Ensure you have a memorable password for your new dropbox account (assume you will not be able to access via the Trezor Password Manager so you need to be able to remember it yourself)
4. Activate 2FA for your dropbox account for extra protection
5. Go to your GoogleDrive, find the folder named "Apps", find the folder within called "Trezor Password Manager", create a folder within your Dropbox called "Apps" and copy the entire "Trezor Password Manager" folder into that location on Dropbox
6. Unplug your Trezor and restart Trezor Password Manager and when the splash screen comes up, select "Log out and use different account"
7. Select "Sign in with Dropbox"
8. Give permission for Trezor to access your Dropbox account
9. Press continue and connect Trezor when prompted
10. Your previous accounts and passwords should all be accessible again but this time they are stored on Dropbox rather than on GoogleDrive. test a few out to ensure they are functioning properly.

ACTIVATING GOOGLE ADVANCED PROTECTION:

1. Visit the Google Advanced Protection site https://landing.google.com/advancedprotection/
2. Follow the instructions on the website to activate Google Advanced Protection for your account (you will need two independent private key devices). I have been able to activate GAP using a Trezor and a Ledger Nano S (i.e. one device does NOT have to be a bluetooth device ...but see additional notes below)
3. Register each Private Key device separately. After registering the first device, disconnect it BEFORE registering the second device. I'm not sure if this is critical but it seems sensible to ensure no conflict with the first device happens.
4. Quit Google Chrome, restart your computer. If you don't do this you will experience some very strange browser behaviour and things will not function properly.
5. Restart Google Chrome
6. Log into your Google Account with your normal password
7. You will need to use one of your Private Key devices to allow account access
8. Activate the Trezor Password Manager extension within Google Chrome
9. Access your Password Manager account via the Dropbox option
10. You should have full access to Password Manager accounts you have previously stored

ADDITIONAL NOTES:

Google Advanced Protection will not allow Apple OS/IOS apps to access your Google Account directly so if you want to use Gmail on your iPhone you will need to;
a) use the Google Mail app for IOS and;
b) one of your Private Key devices will need to be a bluetooth type communicator (I have NOT tested this).

IN CONCLUSION:

I hope you have found this useful and avoid the rather silly predicament I found myself in when trying to set this up for myself without a guide to prepare things in a chronologic order. I very nearly locked myself out of all my accounts.

Lastly, please feel free to comment on your own experiences and up-vote this post if you have time and help pass on the love. This is my first Steemit post so be kind :)