Friday, July 27, 2018

Google's Secret

Google's Secret to Protect Its Employees From Hacking Is Physical Keys

Google says phishing incidents among its employees dropped to zero after adopting Security Keys.

By Eric Limer


Phishing attacks—in which hackers trick you into giving them your password while leaving you none the wiser—are one of the most nefarious kinds of cyberattack out there. But Google appears to have settled on an extremely robust solution for protecting its own employees. According to a Google spokesperson talking to security blog Krebs on Security, the adoption of physical Security Keys has stopped the attacks in their tracks.


Security Keys are small USB stick devices made by YubiKey that function similarly to two-factor authentication (2FA) methods you may (and should!) already be using. With 2FA enabled, you (or hackers) need more than just a username and password for access. A second factor is required, often a secret number sent to a trusted telephone number by SMS, or a key generated by an authentication app like Google Authenticator.

These measures help, but they come with their own downsides. SMS messages are far from secure and can be compromised by hackers. Authenticator apps are more secure, but are a hassle. Physical keys solve both these problems at once: There's no transmitted code to intercept, no phone apps to fumble with, and no numbers to punch in at login. Instead, you pop the Security Key into the device and press a button.

Google's promising results could help these keys gain the momentum for more widespread adoption. YubiKey's Security Keys operate on an open-source standard called Universal 2nd Factor (U2F), which is already supported by a number of companies and products such as Google, Dropbox, and Facebook, as well as browsers like Google Chrome, Firefox, and Opera.

Until this standard or one like it is supported near universally, Security Keys will remain a tool for early adopters and organizations particularly worried about security. One hopes the practice will spread, because while the internet may have completely changed many of the ways we live, it looks like a physical key is still your best bet at keeping yourself safe.

Source: Krebs on Security
