Google's Secret to Protect Its Employees From Hacking Is Physical Keys

Google's Secret to Protect Its Employees From Hacking Is Physical Keys

Google says phishing incidents among its employees dropped to zero after adopting Security Keys.

By Eric Limer Jul 24, 2018

Phishing attacks, where hackers trick you into giving them your password while leaving you none the wiser, are one of the most nefarious vectors of cyberattack out there, but Google appears to have settled on an extremely robust solution for protecting its own employees. According to a Google spokesperson talking to security blog Krebs on Security, the adoption of physical Security Keys stopped the attacks in their tracks.

Security Keys, small USB stick devices made by YubiKey, function similar to two-factor authentication (2FA) methods you may (and should) already be using. With 2FA enabled, you (or hackers) need more than just username and password, they also need a second factor, often a number sent to a trusted telephone number by SMS, or a key generated by an authentication app like Google Authenticator.

These measures absolutely increase security, but they come with their own downsides. SMS messages are far from secure, and can be compromised by hackers. Authenticator apps are more secure, but are a hassle. Physical keys solve both these problems at once: There's no transmitted code to intercept, and no phone apps to fumble with or numbers to punch in at login. Instead, you just pop the key into the device and press a button.

Google's results using this tech are promising, and could help it gain the momentum for more widespread adoption. Yubikey's Security Keys operate on an open-source standard called Universal 2nd Factor (U2F), which is already supported by a number of companies and products like Google, Dropbox, Facebook, and browsers like Google Chrome, Firefox, and Opera.

Until this standard or one like it is supported near universally, Security Keys will likely remain a tool for early adopters and organizations particularly worried about security, but hopefully the practice will only spread. Because while the internet may have completely changed many of the ways we live, it looks like a physical key is still your best bet at keeping yourself safe.


Popular posts from this blog

Report: World’s 1st remote brain surgery via 5G network performed in China

Visualizing The Power Of The World's Supercomputers

BMW traps alleged thief by remotely locking him in car