Physical key is the secret to Google employees’ online security

Security keys have reportedly prevented employee phishing at Google. 

Josh Miller / Techhnews

It turns out the key to counteracting employee phishing at Google is an actual key. 

The company began using physical USB-based security keys in early 2017 and since then, none of its 85,000-plus employees have been phished on their work accounts, Krebs on Security reported last week. The keys serve as an alternative to two-factor authentication, in which users first log into a website using a password and then must enter an additional one-time code that’s usually sent to their phone via text or an app. 

A Google representative told Krebs on Security that security keys are used for all account access at the company. 

“We have had no reported or confirmed account takeovers since implementing security keys at Google,” the representative told the publication. “Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time.”

Google didn’t immediately comment. 

Before 2017, Google employees used one-time codes generated by the Google Authenticator app, according to Krebs on Security. But a security key, which retails for as little as $20, uses a version of multi-factor authentication called Universal 2nd Factor (U2F). U2F lets users login by inserting the USB device and pushing a button on it. After the device is linked to a certain site, users don’t have to enter their passwords anymore.

More sites are adopting U2F authentication, but only a small number currently support it, such as Dropbox, Facebook and Github, according to Krebs on Security. It’s supported by browsers including Chrome, Firefox and Opera. Microsoft will reportedly update its Edge browser to support U2F later this year.

Source link

Leave a Reply

Subscribe to our newsletter

Join our monthly newsletter and never miss out on new stories and promotions.
Techhnews will use the information you provide on this form to be in touch with you and to provide updates and marketing.

You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at We will treat your information with respect.

%d bloggers like this: