A year ago, Google required an impressive number of its employees – roughly 85,000 – to start using actual, physical security keys instead of codes, in order to reduce account takeover via phishing.
According to Krebs on Security, the method has been successful, to say the least – there has not been a single successful phishing attack since.
A Google spokesperson said:
“We have had no reported or confirmed account takeovers since implementing security keys at Google. Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time.”
The security keys allow the user to log into websites by simply plugging the keys in and pressing a button. There is no need for passwords or one-time codes anymore.
Image: example of a security key from Yubico (credit: Yubico/YouTube)
The only downside to using a security key is that, since it's a physical item, it can easily get lost, so let's hope that Google's employees have solid methods to secure the tiny things.