Landshark Information Technology

How Google completely stopped phishing attacks for its employees.

     In early 2017 tech giant Google implemented a company policy that required all of its 85,000 employees to use physical security keys. These keys replace the need for passwords and codes sent via text message to gain entry into an account. Since the implementation of the security keys Google has recorded zero incidents of accounts being compromised due to phishing attacks. 

     Traditionally phishing is mitigated with the use of two-factor authentication which requires a user to submit their password plus another form of authentication generally a one time use code sent to their phone. This effectively makes it so if a hacker was to gain access to an account they would need to have access to both forms of authentication.

     A physical Security Key makes use of another type of multiple factor authentication U2F (Universal Second Factor) which requires users to insert their security key into a USB port on their computer and pressing the unlock button on the device. This unlocks the account and does not require the input of any passwords or other forms of authentication.

     U2F is currently supported by the major web browsers Chrome, Firefox, and Opera, aswell as Facebook and GitHub. Microsoft has U2F support slated to come out for its Edge browser later this year. Apple currently has no time line for U2F support for Safari. 

     Since the success of the security policy implemented by Google they have recently announced that they will begin selling its Titan security key. It will be available in both USB and Bluetooth configurations for $20 and $25 respectively. 

Sign up for our newsletter!