To Stop Phishing, Google Gave Security Keys to All Employees

How is Google preventing its employees from getting hacked? By using some hardware anyone can buy: USB security keys.

SecurityWatch

In 2022, the visitor began giving out physical security keys to all 85,000 employees. And since then, no employees accept reported any confirmed takeovers of work-related accounts, Google said on Monday.

The news, which was start reported by the security journalist Brian Krebs, highlights how a physical security key can forbid your online accounts from getting breached. Simply protecting your account with a password often isn't plenty. Hackers can sometimes guess them, or they can use a phishing email to fob yous into giving them up.

However, a security key offers a level of protection that tin stymie the all-time hackers from infiltrating your accounts. Information technology works like this: Any computer that attempts to log in will need both the password and the physical key.

Security experts call this setup two-gene authentication, in which yous need both the countersign and another piece of information to access the business relationship. The biggest internet services, such as Google, Facebook and Twitter, really already offer this security solution and you can utilise it at present for free.

YubiKey Neo

The only deviation is that this two-cistron authentication is by and large used with a password and a special code that is generated over your smartphone. Trying to hack someone with this security setup isn't easy, just information technology can still be washed.

Imagine a hacker who has your phone number. He could endeavor to trick you into giving up the special one-time codes generated over you smartphone. Other hackers have managed to crack ii-factor authentication by spying over a cellular network and intercepting the SMS messages loaded with the special codes.

A concrete security fundamental solves this problem by introducing actual hardware into the equation. Password and special codes are all digital, making them easy to send and replicate. A USB security key, on the other hand, isn't. To intermission into your business relationship, a hacker has to non simply know your password, but personally come and steal your security key from you. This probably explains why Google employees have been so hard to phish.

If you're in the market for a security key, the well-nigh popular manufacturer of them is Yubico, which offers them starting at $20. The more expensive models tin can be used to connect with a smartphone or a USB-C port.

Not every site supports USB security keys, but the biggest services including Google, Facebook, Dropbox and well-nigh recently Twitter do. The whole tech manufacture is also working to roll out new login standards that'll help brand support for the keys universally accepted.

If you're on a budget, using two-cistron authentication is however recommended. But it's a good idea to generate the special codes y'all'll receive through an authenticator app, instead of via SMS messages.