Fast company logo
SUBSCRIBE
|
FastCo Works
advertisement

The USB devices are required to be plugged in to access sensitive data.

Google made its employees impervious to phishing using USB security keys

[Photo: Paweł Czerwiński/Unsplash]

BY Michael Grothaus1 minute read

The company told KrebsOnSecurity that none of its 85,000 employees have fallen prey to phishing attacks on their work-related accounts since early 2017, when Google began requiring its employees to use security keys instead of passwords and one-time codes for access authorization to various work-related sites and apps. According to a Google spokesperson:

“We have had no reported or confirmed account takeovers since implementing security keys at Google. Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time.”

A security key is essentially just a USB thumb drive that stores a user’s login credentials and authenticates them. They can be used in lieu of a traditional password or two-factor authentication methods. As KrebsOnSecurity explains:

In contrast, a Security Key implements a form of multi-factor authentication known as Universal 2nd Factor (U2F), which allows the user to complete the login process simply by inserting the USB device and pressing a button on the device. The key works without the need for any special software drivers.

Once a device is enrolled for a specific Web site that supports Security Keys, the user no longer needs to enter their password at that site (unless they try to access the same account from a different device, in which case it will ask the user to insert their key).

In other words, even if a hacker has obtained a Google employee’s username and password, he still wouldn’t be able to access that employee’s data because a login would also require the physical USB security key.

Security keys aren’t just limited to big corporations. Plenty of vendors make consumer-level security keys you can use if you want to add an extra layer of protection to your laptop or the sites you log in to. Currently, the Chrome, Mozilla Firefox, and Opera browsers support security keys, and Microsoft is expected to support them in its Edge browser later this year.

advertisement

Recognize your brand’s excellence by applying to this year’s Brands That Matter Awards before the early-rate deadline, May 3.
CoDesign Newsletter logo
The latest innovations in design brought to you every weekday.
Privacy Policy

ABOUT THE AUTHOR

Michael Grothaus is a novelist and author. He has written for Fast Company since 2013, where he's interviewed some of the tech industry’s most prominent leaders and writes about everything from Apple and artificial intelligence to the effects of technology on individuals and society. More

Explore Topics

advertisement
Tech
News
Co.Design
Work Life