Google Eliminated Phishing by Giving All 85,000 Employees USB Security Keys
We’ve all been trained not to give out our passwords, but online criminals are getting ever more clever. Phishing scams have tricked countless people into compromising their online security, and one of the best ways to stop them is two-factor authentication. Even technologically savvy people can be fooled by clever hackers, though. According to Google, it solved the phishing problem by giving everyone a hardware security dongle. The keys only cost a few bucks, so that’s an amazing deal.
For the unaware, phishing is simply the practice of stealing sensitive account information by posing as a legitimate entity. For example, a password reset email that appears to be from your bank could simply be trying to fool you into entering your login details on a fake page. Spear phishing is a more targeted version where the attackers go after a specific person or group of people. This is something that Google deals with a lot because its employees have access to a wealth of valuable information.
Using two-factor authentication makes it vastly more difficult to break into someone’s account. Logging into an account with two-factor requires something you know (your password) and something you have (usually a single-use code). Google switched to physical security keys in early 2017 as a replacement for code generators or phone alerts. It says none of its 85,000 employees have been successfully phished since. Previously, Googlers used the Google Authenticator app to generate codes for logging into their accounts.
Security keys, like the popular YubiKeys used at Google, utilize the Universal 2nd Factor (U2F) standard to store a unique access token on a small USB device. Simply plug that into your computer, and you can log into your account. There are old-style USB-A versions as well as newer USB Type-C dongles that support both computers and phones. A few even support NFC to wirelessly authenticate on Android phones.
U2F security keys work with many online services like Google, Dropbox, LastPass, GitHub, and more. They work with Chrome, Firefox, and Opera browsers. For someone to compromise those accounts when secured with the physical key, they need to phish your login details and then steal the key from you in real life. That’s infinitely more difficult than sending clever scam emails from the other side of the world.
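Why a phished password is not enough against a key, as an added sketch that is not from the original article or from Google: the browser records which origin asked for the signature and the key signs it, so the real site can reject a response produced on a lookalike page. This is a simplified model rather than the U2F wire format; the function names and the example.com/example.net origins are assumptions made for illustration.

```javascript
// Added illustration (Node.js). All names and origins here are hypothetical.
const nodeCrypto = require("crypto");

// The security key: holds a P-256 private key; the site stores the public half.
function makeKey() {
  return nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
}

// Browser + key: the browser (not the page) fills in the origin that requested
// the signature, and the key signs the challenge together with that origin.
function signAssertion(privateKey, challenge, pageOrigin) {
  const clientData = JSON.stringify({ challenge, origin: pageOrigin });
  const signature = nodeCrypto.sign("sha256", Buffer.from(clientData), privateKey);
  return { clientData, signature };
}

// The site: accept only a valid signature from the registered key, over the
// challenge it just issued, made on its own origin.
function verifyAssertion(publicKey, expectedChallenge, expectedOrigin, assertion) {
  const valid = nodeCrypto.verify(
    "sha256", Buffer.from(assertion.clientData), publicKey, assertion.signature);
  if (!valid) return "bad-signature";
  const data = JSON.parse(assertion.clientData);
  if (data.challenge !== expectedChallenge) return "stale-challenge";
  if (data.origin !== expectedOrigin) return "wrong-origin";
  return "ok";
}

function demo() {
  const { publicKey, privateKey } = makeKey();
  const site = "https://accounts.example.com";      // constructed: the real site
  const lookalike = "https://accounts.example.net"; // constructed: lookalike page
  const challenge = nodeCrypto.randomBytes(16).toString("hex");
  const nextChallenge = nodeCrypto.randomBytes(16).toString("hex");

  const genuine = signAssertion(privateKey, challenge, site);
  const fromLookalike = signAssertion(privateKey, challenge, lookalike);
  return {
    // Signed on the real site for the current challenge: accepted.
    genuine: verifyAssertion(publicKey, challenge, site, genuine),
    // Signed while the user was on the lookalike page: rejected by the site.
    fromLookalike: verifyAssertion(publicKey, challenge, site, fromLookalike),
    // An old response presented against a new challenge: rejected.
    replayed: verifyAssertion(publicKey, nextChallenge, site, genuine),
  };
}

console.log(demo());
```

A six-digit code from an authenticator app carries no record of where it was typed, which is the difference this check makes.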
If you want to start using a security key on your accounts, you can get them for as little as $20.