قالب وردپرس درنا توس
Home / Technology / Physical key is the secret of online security for Google employees

Physical key is the secret of online security for Google employees



  Google Security Key

Security keys reportedly prevented phishing employees from phishing Google.


Josh Miller / CNET

It turns out Google's key to phishing phishing is key.

The company began using physical USB-based security keys in early 201

7, and since then, none of its more than 85,000 employees have been prosecuted on its working accounts, Krebs on Security reported last week. The keys are an alternative to two-factor authentication, where users first need to log in to a website with a password and then enter an additional one-time code, which is usually sent to their phone via text or an app.

A Google employee has informed Krebs that security keys are being used for all corporate account access.

"There have been no reported or confirmed account takeovers since implementing security keys on Google," said the representative of the publication. "Users may be asked to authenticate with their security key for many different apps / reasons, all depending on the sensitivity of the app and the user's risk at that time."

Google did not comment immediately.

Prior to 2017, Google employees used one-time codes generated by the Google Authenticator app, according to Krebs' security features. But a security key sold for only $ 20 uses a version of multi-factor authentication called the Universal 2nd Factor (U2F). With U2F, users can log in by plugging in the USB device and pressing a button. After the device is linked to a specific site, users no longer need to enter their passwords.

Other sites are adopting U2F authentication, but only a small number currently support it for security, such as Dropbox, Facebook, and Github Krebs. It is supported by browsers like Chrome, Firefox and Opera. Microsoft is reported to update its Edge browser to support U2F later this year.


Source link