How Google Made Sure None of Its 85,000+ Employees Get Phished

Google told Business Insider that none of its employees had been successfully phished since it started requiring them to use security keys to log in.

Security keys are used in place of passwords and one-time codes, such as those created by tools like Google Authenticator, which Google's workforce of more than 85,000 staff were required to use before. While there is a risk of losing the device, a security key is considered safer than two-factor authentication (2FA) that relies on text messages, as hackers could intercept messages containing one-time codes sent to your mobile phone and gain entry to your accounts.

"We have had no reported or confirmed account takeovers since implementing security keys at Google," said the spokesperson.

FIDO Alliance's Universal 2nd Factor (U2F) standard for two-factor authentication (2FA) security keys may soon bring phishing to an end. "It all depends on the sensitivity of the app and the risk of the user at that point in time." This is a major problem from a security perspective, because it renders the security key as (in)secure as SMS 2FA.

U2F allows the user to simply plug in their Security Key and press a button on the device to log into their accounts (on a Security Key supported website).

Not every site supports USB security keys, but the biggest services, including Google, Facebook, Dropbox and most recently Twitter, do. Logging into an account with two-factor authentication requires something you know (your password) and something you have (usually a single-use code).

The physical security key, however, makes it harder for hackers to acquire that second factor.

U2F is an emerging open source authentication standard, and as such only a handful of high-profile sites currently support it, including Dropbox, Facebook, GitHub and, of course, Google's various services.

Currently, U2F is supported by Chrome, Mozilla Firefox, and Opera. Microsoft will update Edge later this year to add support, and there is no word on whether Apple will support it; Apple has not announced a date for the roll-out of U2F on Safari. Phishing remains one of the most common ways for attackers to trick people - yes, even the tech-savvy ones - into giving up their credentials or installing a malicious file on their computers.

The rollout of a suite of new email security services follows a US presidential election last year shaped in part by the disclosure of emails belonging to associates of Democratic candidate Hillary Clinton that were obtained through phishing schemes.

Google created a web page, g.co/advancedprotection, to walk users through setting up advanced protection, including where to purchase USB and Bluetooth security keys on Amazon.
