It turns out Google's key to phishing phishing is key.
The company began using physical USB-based security keys in early 201
A Google employee has informed Krebs that security keys are being used for all corporate account access.
"There have been no reported or confirmed account takeovers since implementing security keys on Google," said the representative of the publication. "Users may be asked to authenticate with their security key for many different apps / reasons, all depending on the sensitivity of the app and the user's risk at that time."
Google did not comment immediately.
Prior to 2017, Google employees used one-time codes generated by the Google Authenticator app, according to Krebs' security features. But a security key sold for only $ 20 uses a version of multi-factor authentication called the Universal 2nd Factor (U2F). With U2F, users can log in by plugging in the USB device and pressing a button. After the device is linked to a specific site, users no longer need to enter their passwords.
Other sites are adopting U2F authentication, but only a small number currently support it for security, such as Dropbox, Facebook, and Github Krebs. It is supported by browsers like Chrome, Firefox and Opera. Microsoft is reported to update its Edge browser to support U2F later this year.