×

Registration

Profile Informations

Login Details

or login

First name is required!
Last name is required!
First name is not valid!
Last name is not valid!
This is not an email address!
Email address is required!
This email is already registered!
Password is required!
Enter a valid password!
Please enter 6 or more characters!
Please enter 16 or less characters!
Passwords are not same!
Terms and Conditions are required!
Email or Password is wrong!

Google Leverages Hardware Security Keys To Protect Employees From Phishing Scams

Everyone has to deal with scams and phishing attempts online today, even Google. To protect its workers from phishing scams that could result in the theft of IP, Google took advantage of security keys for all its 85,000 workers. Since that roll out, no accounts have been compromised. The keys are USB-based security devices, such as the YubiKey pictured below, that offer an alternative to two-factor authentication. In two-factor authentication, a person must know the username or login for a website and have something like a key or an app for the second part of the authentication.

"Users might be asked to authenticate using their security key for many different apps/reasons," said a Google spokesperson. "It all depends on the sensitivity of the app and the risk of the user at that point in time."

The security key uses Universal 2nd Factor (U2F) authentication. Essentially, Google is doing is securing the accounts of its workers by using an authentication method that won't allow access to an account even if the user were to give a hacker their username and password information. Without having the security key, the other authentication credentials are worthless. Before moving to the security key devices, Google relied on its own Google Authenticator app.

The keys are also easier to use; all the worker must do is plug the security key into the USB port of the computer and press the integrated button and they are logged in. No special drivers or software are needed. Once the device is enrolled for a specific website that supports security keys, the user no longer has to enter a password at that site. If they try and access an account for the same site via a different device, they will be prompted to enter their key.

U2F authentication is described as an emerging open source standard and for now only a few sites support it. Supported sites include Dropbox, Facebook, GitHub, and Google services. Password managers are supporting U2F as well including Dashlane, Keepass, LastPass, and Duo Security. Browsers supporting U2F include Chrome, Mozilla Firefox, and Opera. However, Firefox and Quantum don't enable U2F by default. Microsoft will update Edge later this year for support and there is no word on if Apple will support it.

').insertAfter(jQuery('#initdisqus'));
}
loadDisqus(jQuery('#initdisqus'), disqus_identifier, url);

}
else {
setTimeout(function () { disqusDefer(); }, 50);
}
}

disqusDefer();

function loadDisqus(source, identifier, url) {

if (jQuery("#disqus_thread").length) {
jQuery("#disqus_thread").remove();
}
jQuery('

').insertAfter(source);

if (window.DISQUS) {

DISQUS.reset({
reload: true,
config: function () {
this.page.identifier = identifier;
this.page.url = url;
}
});

} else {

//insert a wrapper in HTML after the relevant "show comments" link

disqus_identifier = identifier; //set the identifier argument
disqus_url = url; //set the permalink argument

//append the Disqus embed script to HTML
var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true;
dsq.src = 'https://' + disqus_shortname + '.disqus.com/embed.js';
jQuery('head').append(dsq);

}

jQuery('.show-disqus').show();
source.hide();
};

function disqusEvent()
{
idleTime = 0;
}

Go to Source