[ad_1]
Security keys would have prevented employee phishing at Google.
Josh Miller / CNET
It turns out that the key to countering employee phishing at Google is a real key.
The company began using physical USB security keys early in 2017 and since then none of its more than 85,000 employees have been phished on their business accounts, reported Krebs on Security last week. Keys serve as an alternative to two-factor authentication, in which users first login to a website with the help of a password and then must Enter a unique code that is usually sent to their phone via text or an app.
A Google representative told Krebs about security that security keys are used for all access to the company's account.
"We have not had any account takeovers reported or confirmed since the introduction of Google's security keys," the representative told the publication. "Users can be asked to authenticate by using their security key for many applications / reasons, all depends on the sensitivity of the application and the risk of the user at that time. . "
Google did not comment immediately.
Prior to 2017, Google employees used point codes generated by the Google Authenticator app, according to Krebs on Security. But a security key, which costs only $ 20, uses a multi-factor authentication version called the Universal 2nd Factor (U2F). U2F allows users to connect by inserting the USB device and pressing a button. Once the device is connected to a certain site, users no longer need to enter their password.
Other sites adopt U2F authentication, but only a small number supports it, like Dropbox, Facebook and Github, according to Krebs on security. It is supported by browsers, including Chrome, Firefox and Opera. Microsoft would update its Edge browser to support U2F later this year.
Source link
