Select Language:
Google has introduced a new security feature called Multi-party approval (MPA) for Google Ads. This system is designed to prevent unauthorized changes by requiring a second administrator to approve any high-risk activities, such as modifying user access or roles.
This approach seems like an extra layer of protection against account hijacks, which have been increasing alarmingly in recent times. To compromise an account under this system, an attacker would need to gain control of two separate administrator accounts and secure approvals from both to carry out malicious actions.
This functionality was observed by Hana Kobzová and reported on PPC News Feed. The feature specifically mandates that a second administrator must approve actions like adding or removing users or changing their roles, ensuring that no critical change can proceed unapproved by multiple parties.
According to Google’s support documentation, any sensitive action such as modifying user permissions prompts other administrators to review and approve the change. These High-risk requests are sent to all eligible administrators within the account through in-platform notifications; currently, email alerts are not used. Every administrator has 20 days to either approve or reject the request, after which the request expires automatically. If the change is still required after expiration, the approval process needs to be restarted to generate a new request.
A screenshot of the official help document illustrates this process, emphasizing the steps involved in managing high-risk account modifications within Google Ads.
ChatGPT
Perplexity
Gemini AI
Grok AI
