How Google has kept 85K employees from getting phished since 2017

Google Uses Physical USB Security Keys to Prevent Employee Phishing

Google Uses Physical USB Security Keys to Prevent Employee Phishing

Google hasn't experienced any successful phishing attacks since early a year ago, the company has revealed, thanks to the company-wide use of physical security keys.

Google successfully protected its 85,000 employees from getting phished on their work accounts by utilizing physical security keys as part of a 2FA strategy. "It all depends on the sensitivity of the app and the risk of the user at that point in time". Once the key is connected to a website that supports USB keys, the user doesn't need to enter their password again unless they want to access the account on another machine.

The idea, known as two-factor authentication, mean even if hackers know your password, they still can not log in to your account unless they also hack or possess that second factor - usually your phone or USB key. For someone to compromise those accounts when secured with the physical key, they need to phish your login details and then steal the key from you in real life. Google has taken a similar approach for its employees but with U2F or Universal 2 Factor, using a security key that has completely neutralised the threat of phishing on their networks.

Tour de France boss slams protesters after tear gas halts race
On Tuesday, we reported that the Tour de France was brought to a halt due to the fact protestors had interrupted the race . Crucially for general classification leader Thomas, none of his yellow jersey contenders were involved in the breakaway.

Demi Lovato rushed to hospital after apparent heroin overdose
Lovato found fame on Disney Channel's Camp Rock and Sonny With a Chance , and leveraged that into a successful pop star career. The 25-year-old star was taken from her Hollywood Home to receive treatment but her condition is now unknown.

Prowling Tiger Woods on Open charge as Spieth joins leaders
But 69 was the low score among the first 22 players out in Sunday's final round as the breeze was blowing 15-20 miles per hour . However, with only six shots separating the top 27 and a westerly wind expected to blow, Spieth is taking nothing for granted.

Google took this one step farther in early 2017, and required all employees to start using a security key, according to Krebs. By using some hardware anyone can buy: USB security keys. It's supported by browsers including Chrome, Firefox and Opera. However, the report noted that U2F is not enabled by default in Firefox. Trying to hack someone with this security setup isn't easy, but it can still be done. Microsoft will update Edge later this year for support and there is no word on if Apple will support it. The biggest internet services, such as Google, Facebook and Twitter, actually already offer this security solution and you can use it now for free. According to a recent article at 9to5Mac.com, Apple has not yet said when or if it will support the standard in its Safari browser. That's because thieves can intercept that one-time code by tricking your mobile provider into either swapping your mobile device's SIM card or "porting" your mobile number to a different device. Google has worked with various industry groups, such as the FIDO Alliance, to develop security key technology called U2F. But it's a good idea to generate the special codes you'll receive through an authenticator app, instead of via SMS messages.

Google created a web page, g.co/advancedprotection, to walk users through setting up advanced protection, including where to purchase USB and Bluetooth security keys on Amazon.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.