Google: Security Keys Neutralized Employee Phishing
Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.
Security Keys are inexpensive USB-based devices that offer an alternative approach to two-factor authentication (2FA), which requires the user to log in to a Web site using something they know (the password) and something they have (e.g., a mobile device).
A Google spokesperson said Security Keys now form the basis of all account access at Google.
"We have had no reported or confirmed account takeovers since implementing security keys at Google," the spokesperson said. "Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time."
(Score: -1, Offtopic) by Anonymous Coward on Tuesday July 24 2018, @01:26PM (1 child)
(Score: 3, Informative) by Runaway1956 on Tuesday July 24 2018, @02:08PM
Uhhh, please no. The "agenda", as you call it, is just good, common sense. Depending on the cloud is somewhat like the old man who buried his money in mason jars. Except, with the cloud, the old man is burying his money all over the neighborhood. Some in the mayor's yard, some in a schoolteacher's yard, some in a yard with six kids plus all the local sports teams hanging out all day, some in the landfill - all around town he goes, burying his money. Surprise, surprise - anyone can dig it up, if they just watch where he buries stuff.