• News
  • Tech

Google says employees haven't been hacked since safeguarding accounts with physical keys

Google says employees haven't been hacked since safeguarding accounts with physical keys

This appears to be a reference to the fact that Google's systems can ask employees to present their keys in a number of contexts and not only when logging on to email when they start work.

A Google representative told Krebs on Security that security keys are used for all account access at the company.

Google is a enormous entity, with more than 85,000 employees scattered around the globe working in divisions from cloud to hardware and search.

Google told Business Insider that none of its employees have been successfully phished since it started requiring its employees to use security keys to log in. "It all depends on the sensitivity of the app and the risk of the user at that point in time".

The YubiKey is a relatively low-priced device, costing just £18 for the basic key.

In contrast, a Security Key implements a form of multi-factor authentication known as Universal 2nd Factor (U2F), which allows the user to complete the login process simply by inserting the USB device and pressing a button on the device.

Physical security keys, such as Yubico's YubiKey Security Key, have protected all Google employees from phishing attacks since early 2017.

If U2F tokens are such an effective way to boost security, why do so few people beyond Google use them?

Security Keys are cheap USB-based devices often costing less that $20, which require the user to log in to a Web site using something they know (the password) and something they have (e.g., a mobile device or USB key). Once the device is enrolled for a specific website that supports security keys, the user no longer has to enter a password at that site.

In addition to Google, many other high-profile sites including Facebook, GitHub, and Dropbox are supporting similar U2F processes, according to the report.

Currently, U2F is supported by Chrome, Firefox, and Opera.

Physical security keys can safeguard users who have been "phished", or duped into disclosing their log-in credentials, by requiring more than just a username and password to access an account. Microsoft will reportedly update its Edge browser to support U2F later this year.

Apple has not yet said when or if it will support the standard in its Safari browser.

Until a U2F system is commonplace and supported by all sites, users can protect themselves from phishing attacks by following these 10 tips from TechRepublic's Brien Posey. Now there's a good chance that account will be hacked.

But he noted that they may create compatibility issues among some who already integrate custom security tools with their Google products.

Leave Your Comment

Leave Your Comment


Latest News

Breaking News



Recommended

Fiat Chrysler CEO Sergio Marchionne’s health crisis forced succession scramble

In 1994, Marchionne joined Alusuisse Lonza Group Ltd. after the Swiss chemical and pharmaceutical company acquired Lawson. In 2009, he presided over Fiat's merger with Chrysler , which was then the number three carmaker in the US.

Ten players to leave Liverpool in summer clear-out

Most people, whether they root for Barcelona , River Plate, Notts County or anyone in between, understand this. He is an outstanding player, hopefully he can stay fit and then the future is bright.

Goldfish crackers recalled over Salmonella

Pepperidge Farm has recalled four varieties of Goldfish crackers out of fears they could potentially have salmonella . Pepperidge Farms, owner of the brand, announced the recall of about 3.3 million units of the product on Monday.

Pep Guardiola: 'Almost impossible' for Manchester City to break own records

So if you hate me, hate me guys! "I'm experienced, I've played at the highest level for a long time and done a lot of things in the game".

Uber and Lyft driver fired for secretly livestreaming hundreds of passengers

Louis, Missouri has been silently streaming all of his rides on popular streaming platform Twitch without passenger consent. Louis Post-Dispatch said passengers were seen kissing, vomiting and gossiping about relatives and work colleagues.

President Trump planning emergency aid to farmers affected by tariffs

She said her bill would come at "no additional cost" while Trump's plan will only scratch the surface of farmers' losses. But Mr Kirchner said it is unlikely providing aid short term will help fix any of the long-term problems.

Demi Lovato Hospitalized for Drug Overdose

TMZ initially reported that Lovato had overdosed on heroin, but a source at People claims the incident was not heroin related . In the film, Lovato opened up about using cocaine for the majority of filming for her 2012 doc, Stay Strong .

Malcom targeted by Barcelona despite agreement with Roma

He spent three seasons with Bordeaux , scoring 23 goals in 96 appearances, and is yet to represent Brazil at senior level. Malcom agreed a five-year deal to move to the Camp Nou, with a release clause expected to be fixed at €400m.

Transgender Arizona woman says CVS pharmacist refused to fill prescription

Hall asked for her script back so she could get the prescription filled elsewhere, but the pharmacist refused, she said. But in a statement to CNN , the company said the pharmacist violated company policy and is no longer an employee.

Images Show North Korea Dismantling Missile Test Site Facilities

The July 22 photo shows visible progress made in the dismantlement. "A Rocket has not been launched by North Korea in 9 months". Decades-old remains that North Korea has handed over in the past have not always been identifiable as US troops.