To Stop Phishing, Google Gave Security Keys to All Employees
How is Google preventing its employees from getting hacked? By using some hardware anyone can buy: USB security keys.
In 2017, the company began giving out physical security keys to all 85,000 employees. And since then, no employees have reported any confirmed takeovers of work-related accounts, Google said on Monday.
The news, which was first reported by the security journalist Brian Krebs, highlights how a physical security key can prevent your online accounts from getting breached. Simply protecting your account with a password often isn’t enough. Hackers can sometimes guess passwords, or they can use a phishing email to trick you into giving them up.
However, a security key offers a level of protection that can stop even the best hackers from infiltrating your accounts. It works like this: Any computer that attempts to log in will need both the password and the physical key.
Security experts call this setup two-factor authentication, in which you need both the password and another piece of information to access the account. The biggest internet services, such as Google, Facebook and Twitter, actually already offer this security solution and you can use it now for free.
The only difference is that this two-factor authentication is generally used with a password and a special code that is generated on your smartphone. Trying to hack someone with this security setup isn’t easy, but it can still be done.
Imagine a hacker who has your phone number. He could try to trick you into giving up the special one-time codes generated on your smartphone. Other hackers have managed to crack two-factor authentication by spying on a cellular network and intercepting the SMS messages loaded with the special codes.
A physical security key solves this problem by introducing actual hardware into the equation. Passwords and special codes are all digital, making them easy to send and replicate. A USB security key, on the other hand, isn’t. To break into your account, a hacker has to not only know your password, but personally come and steal your security key from you. This probably explains why Google employees have been so hard to phish.
Source | pcmag