Google reveals how it stopped phishing attacks for good
Security Key process has entirely halted phishing attacks on Google staff
Google has revealed its way of cutting out phishing attacks completely.
The technology giant has said that using physical Security Keys has helped it almost entirely eradicate phishing attacks targeting its workers.
The low-cost items do away with the need for passwords or one-time codes sent by SMS, which have been previously hijacked to attack organisations around the world, with a different way of ensuring two-factor authentication (2FA).
Instead, the key plugs directly into an employee's work machine via USB-A or USB-C port, with the worker then tapping a button on the key to sign in.
Google phishing defence
Speaking to Krebs on Security, Google said that since introducing the use of Security Keys in early 2017, it has not seen a single successful phishing attack or case of account takeover against any of its 85,000 employees across the world.
“We have had no reported or confirmed account takeovers since implementing security keys at Google,” the company said in a statement. "Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time."
Despite still being a key that users could lose or misplace, security keys such as those produced by Yubikey have long been touted as a more secure option for workplace sign-ins and security. The keys form part of a form of authentication known as Universal 2nd Factor (U2F) which means that once approved, the user would not need to enter a password to log in to a certain account or website.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Google has backed the technology for sometime, with support for the authentication system used by the keys already active in Chrome, with websites such as Facebook, Github and Dropbox also supporting U2F, however other browsers are yet to offer support by default.
Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.