Security systems always seem to be inadequate when it comes to protecting against phishing attacks, at times even the smartest security systems tend to fail. Google wishes to change this forever, it revealed that their employees are using Security Keys to log in to accounts. Since the implementation of the Security Keys, there has been no reporting of any phishing attack since early 2017.
Use of Security Keys to Neutralize Phishing – Google
Imagine a world where phishing attacks are a common phenomenon, Google manages to stay away from these attacks since 2017. Yes, you heard it right Google has made a disclosure where it revealed that it has not witnessed a single phishing attack since 2017. Google with more than 35000 employees is successful to protect itself from Phishing attacks by using Security Keys.
Speaking to KerbsOnSecurity a Google spokesperson said
“We have had no reported or confirmed account takeovers since implementing security keys at Google. Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time.”
The employees have been eliminated from remembering a password or one time codes since the use of physical Security Keys.
What Are Security Keys And How They Work?
The Physical Security Keys are simple USB devices which provide an alternative to the common use of two-factor authentication. As you all know in the case of two-factor authentication we need to have a mobile phone to receive the password code for login verification. Once we enter the password we get access to the website.
Whereas in the case of Security Keys the simple USB device offers a multi-factor authentication. You simply need to insert the USB key in the USB drive of your device. After connecting to the device simply press the button to complete the verification process and log in.
As the Security Keys work on open authentication standard known as ‘Universal 2nd Factor (U2F)’, which eliminates the need to memorize the passwords for various sites. A single Security Key can be used to access multiple sites by simply inserting the Key in your device USB. It’s completely hassle free as you no third party software or driver installation. Simply plug it and you are good to go.
The Security Key has been around since 2014. Google introduced the Security Keys back then to access their Gmail Accounts. Other tech firms which use Security Keys are Dropbox, Github, and Facebook. There are other like LastPass and Dashlane, who use U2F.
Do you think Security keys is a foot in the right direction, please leave your views and comments below.