Google Eliminated Phishing by Giving All 85,000 Employees USB Security Keys

Google Eliminated Phishing by Giving All 85,000 Employees USB Security Keys

We’ve all been trained not to give out our passwords, but online criminals are getting ever more clever. Phishing scams have effectively tricked uncountable people into compromising their online security, and one of the best ways to stop it is two-factor authentication. Even technologically savvy people can be fooled by clever hackers, though. According to Google, it solved the phishing problem by giving everyone a hardware security dongle. They only cost a few bucks, so that’s an amazing deal.

For the unaware, phishing is simply the practice of stealing sensitive account information by posing as a legitimate entity. For example, a password reset email that appears to be from your bank could simply be trying to fool you into entering your login details on a fake page. Spear phishing is a more targeted version where the attackers go after a specific person or group of people. This is something that Google deals with a lot because its employees have access to a wealth of valuable information.

Using two-factor authentication makes it vastly more difficult to break into someone’s account. Logging into an account with two-factor requires something you know (your password) and something you have (usually a single-use code). Google switched to physical security keys in early 2017 as a replacement for code generators or phone alerts. It says none of its 85,000 employees have been successfully phished since. Previously, Googlers used the Google Authenticator app to generate codes for logging into their accounts.

Google Eliminated Phishing by Giving All 85,000 Employees USB Security Keys

Security keys, like the popular YubiKeys used at Google, utilize the Universal 2nd Factor (U2F) standard to store a unique access token on a small USB device. Simply plug that into your computer, and you can log into your account. There are old-style USB-A versions as well as newer USB Type-C dongles that support both computers and phones. A few even support NFC to wirelessly authenticate on Android phones.

U2F security keys work with many online services like Google, Dropbox, LastPass, Github, and more. They work with Chrome, Firefox, and Opera browsers. For someone to compromise those accounts when secured with the physical key, they need to phish your login details and then steal the key from you in real life. That’s infinitely more difficult than sending clever scam emails from the other side of the world.

If you want to start using a security key on your accounts, you can get them for as little as $20.

Continue reading

Google Lunar X Prize May Expire With No Winners

The foundation is ready to pay up to $30 million in prizes, but it looks like the offer may expire in a few months with no winners at all.

Google Details Spectre and Meltdown Fixes for Its Cloud Services

It wasn't easy, but Google rolled out patches to its services, and you didn't even notice.

Chromecast, Google Home May Be Overloading Your Wi-Fi

If you've had Wi-Fi problems since hooking up a Google smart speaker or Chromecast, it may not be your router or internet that's to blame.

Google’s AutoML Creates Machine Learning Models Without Programming Experience

The gist of Cloud AutoML is that almost anyone can bring a catalog of images, import tags for the images, and create a functional machine learning model based on that.