Google Employees Successfully Using Security Keys To Protect Against Phishing

Ensuring adequate protection against phishing attacks is a pain in the neck even for the smartest security systems. However, Google flaunts the success of its genius security measure which has secured its over 85,000 employees from phishing. Recently, Google revealed that all their employees use Security Keys to login accounts. Following this implementation, they have not suffered any phishing attack since early 2017.

Google Use Security Keys To Neutralize Phishing

Google has revealed the secret through which its employees have not suffered phishing attacks since 2017. While phishing scams are now common, Google’s more than 85,000 employees remain protected from phishing by using Security Keys.

According to a Google spokesperson who spoke with KrebsOnSecurity,

“We have had no reported or confirmed account takeovers since implementing security keys at Google. Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time.”

By using physical Security Keys, Google has eliminated the need for its employees to remember passwords or use one-time access codes.

What Are Security Keys?

Physical Security Keys are simple USB-based devices that serve as an alternative to the now ubiquitous two-factor authentication. Two-factor authentication requires you to have a mobile device to get passcodes for login verification after you enter the password to a website. However, a Security Key offers multi-factor authentication. You can complete the login process by simply inserting the USB to your device. After connecting it to your device, you can press the button to complete the verification process and log in.

Security Keys work on an open-authentication standard known as ‘Universal 2nd Factor (U2F)’ that eliminates the need to remember multiple passwords for various sites. Through a single Security Key, you can access a number of websites by simply inserting this Key to your device. It does not require any software or driver installations to work.

Google Endorsed Security Keys Back In 2014

The recognition of Security Keys by Google is not new. Back in 2014, Google endorsed Security Keys for users to access their Gmail accounts.

Besides Google, several other services also support Security Keys, including Dropbox, Github, and Facebook. Whereas, some password managers, such as LastPass and Dashlane, support U2F.

Are security keys the way forward? Let us know what you think in the comments.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil