Physical security keys protect Google workforce from hacking


San Francisco, Jul 25 (IANS): For more than a year, none of Google's over 85,000 employees have been hacked, thanks to physical security keys that have replaced one-time codes at their workplace.

Security Keys are USB-based devices that offer an alternative approach to two-factor authentication (2FA).

In 2FA, users log into a website using a password and then enter an additional one-time code usually sent to smartphones. In Google's case, the one-time password was sent via an in-house app called Google Authenticator.

A Google representative told Krebs on Security that physical security keys are now being used for all work-related account access since early 2017.

"We have had no reported or confirmed account takeovers since implementing security keys at Google," the representative was quoted as saying.

"Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time," the Google representative added.

A physical security key uses a version of multi-factor authentication called Universal 2nd Factor (U2F).

U2F lets users login by inserting the USB device and pushing a button on it.

"After the device is linked to a certain website, users don't have to enter their passwords anymore," CNET reported.

More platforms like Dropbox, Facebook and Github are now using U2F which is an emerging open source authentication standard. It's supported by browsers including Chrome, Firefox and Opera.

Microsoft is also reportedly updating its Edge browser to support U2F later this year.

Yubico is one physical security key maker which sells a basic U2F key for $20.

  

Top Stories


Leave a Comment

Title: Physical security keys protect Google workforce from hacking



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.