Published: Wed, July 25, 2018
Electronics | By Kelly Massey

Google Uses Physical USB Security Keys to Prevent Employee Phishing

Google Uses Physical USB Security Keys to Prevent Employee Phishing

No Google employee has fallen prey to phishing attacks since early 2017, which is when the company started requiring all its workers to use physical security keys.

Some of the companies that support U2F keys also tend to leave SMS 2FA enabled as a "fallback" for when, for whatever reason, the users won't use the enabled U2F security key instead.

None of Google's 85,000 employees have been successfully phished on their work accounts since it started requiring security keys to log in, the company said.

"We have had no reported or confirmed account takeovers since implementing security keys at Google", said the tech giant, in a statement to Krebs on Security.

FIDO Alliance's Universal 2nd Factor (U2F) standard for two-factor authentication (2FA) security keys may soon bring phishing to an end. "It all depends on the sensitivity of the app and the risk of the user at that point in time", the Google representative added.

The security key process proves more secure.

If U2F tokens are such an effective way to boost security, why do so few people beyond Google use them?

'Stay out of sun' warning angers tourism bosses
They added: "There is a slight chance that power cuts could occur and other services to some homes and businesses could be lost". Speed restrictions were also introduced by Northern on Tuesday and Greater Anglia on Monday because of the soaring temperatures.

Once a device is enrolled for a specific Web site that supports Security Keys, the user no longer needs to enter their password at that site (unless they try to access the same account from a different device, in which case it will ask the user to insert their key).

Physical security keys can safeguard users who have been "phished", or duped into disclosing their log-in credentials, by requiring more than just a username and password to access an account. They work with Chrome, Firefox, and Opera browsers. Microsoft will reportedly update its Edge browser to support U2F later this year.

Russian military officials used phishing attacks to hack Democratic Party targets during the 2016 race and steal materials subsequently leaked online prior to President Trump's election, including internal Democratic National Committee correspondence and the personal emails of John Podesta, the chairman of Democratic candidate Hillary Clinton's campaign, according to USA officials.

USA intelligence agencies have concluded that those hacks, which included a breach of Clinton campaign manager John Podesta's personal Gmail account, were carried out by Russian Federation as part of a broader cyber campaign to help Donald Trump, a Republican, win the White House.

But he noted that they may create compatibility issues among some who already integrate custom security tools with their Google products.

While we're on the subject of multi-factor authentication, I should note that Google now offers an extra set of security measures for all of its properties called Advanced Protection.

Like this: