Dive Brief:
- For the last year-and-a-half Google has prevented the successful execution of phishing attacks against its employees by simply introducing a key, a Google spokesperson told KrebsOnSecurity.
- In 2017, the company rolled out physical Security Keys to its 85,000 employees, requiring the USB devices in place of its earlier two-factor authentication methods, according to KrebsOnSecurity. Since their introduction, Google has had "no reported or confirmed account takeovers," the spokesperson told KrebsOnSecurity.
- With a key, users can simply log in to applications or portals without entering a password, according to KrebsOnSecurity. All they have to do, instead, is plug in the Security Key and press a button. Once a device has been set up with a key, passwords are no longer required, unless a user is trying to log in on a new device.
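The property that makes a security key stop phishing is that the browser folds the origin it is actually displaying into the data the key signs, so a challenge relayed through a look-alike site produces an assertion the real site rejects. The following is an added, simplified model of that exchange, not Google's or the FIDO project's code: a real U2F/FIDO2 key uses a per-registration ECDSA key pair, and HMAC over a per-credential secret stands in here so the example runs on the Python standard library alone. The origins, the `navigator.id.getAssertion` type string and the class names are constructed for the walk-through.

```python
import hashlib
import hmac
import json
import secrets

# Constructed origins for the walk-through.
LEGIT_ORIGIN = "https://login.example.com"
PHISH_ORIGIN = "https://login.example.com.evil-site.test"


class SecurityKey:
    """Simplified model of a hardware security key.

    HMAC over a per-credential secret stands in for the ECDSA key pair a real
    key would hold; the master secret never leaves the device.
    """

    def __init__(self):
        self._master = secrets.token_bytes(32)

    def _credential_secret(self, key_handle: bytes) -> bytes:
        # Derive the per-registration secret from the opaque key handle.
        return hmac.new(self._master, key_handle, hashlib.sha256).digest()

    def register(self, rp_origin: str):
        """Enrol with a relying party; returns (key_handle, credential).

        A real key would return a public key here; in the HMAC model the
        relying party stores the shared credential secret instead.
        """
        key_handle = secrets.token_bytes(16)
        return key_handle, self._credential_secret(key_handle)

    def sign(self, key_handle: bytes, client_data_hash: bytes, user_present: bool) -> bytes:
        """Produce an assertion. user_present models the button press."""
        if not user_present:
            raise RuntimeError("security key waits for a touch before signing")
        secret = self._credential_secret(key_handle)
        return hmac.new(secret, client_data_hash, hashlib.sha256).digest()


class Browser:
    """The browser binds the challenge to the origin it is actually showing."""

    @staticmethod
    def make_assertion(origin: str, challenge: str, key: SecurityKey,
                       key_handle: bytes, touched: bool = True):
        client_data = json.dumps(
            {"typ": "navigator.id.getAssertion", "challenge": challenge, "origin": origin},
            sort_keys=True,
        ).encode()
        signature = key.sign(key_handle, hashlib.sha256(client_data).digest(), touched)
        return client_data, signature


class RelyingParty:
    """The legitimate site; stores credentials by key handle."""

    def __init__(self, origin: str):
        self.origin = origin
        self.credentials = {}

    def enrol(self, key: SecurityKey) -> bytes:
        key_handle, credential = key.register(self.origin)
        self.credentials[key_handle] = credential
        return key_handle

    def new_challenge(self) -> str:
        return secrets.token_urlsafe(32)

    def verify(self, key_handle: bytes, challenge: str, client_data: bytes, signature: bytes) -> bool:
        data = json.loads(client_data)
        # Reject anything signed for a different origin or a stale challenge.
        if data.get("origin") != self.origin or data.get("challenge") != challenge:
            return False
        credential = self.credentials.get(key_handle)
        if credential is None:
            return False
        expected = hmac.new(credential, hashlib.sha256(client_data).digest(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)


def legitimate_login(rp: RelyingParty, key: SecurityKey, key_handle: bytes) -> bool:
    challenge = rp.new_challenge()
    client_data, sig = Browser.make_assertion(rp.origin, challenge, key, key_handle)
    return rp.verify(key_handle, challenge, client_data, sig)


def relayed_phishing_login(rp: RelyingParty, key: SecurityKey, key_handle: bytes) -> bool:
    """A look-alike site relays the real challenge; the user plugs in the key
    and presses the button exactly as usual, yet the assertion is useless."""
    challenge = rp.new_challenge()
    client_data, sig = Browser.make_assertion(PHISH_ORIGIN, challenge, key, key_handle)
    return rp.verify(key_handle, challenge, client_data, sig)


def run_demo():
    key = SecurityKey()
    rp = RelyingParty(LEGIT_ORIGIN)
    handle = rp.enrol(key)
    return legitimate_login(rp, key, handle), relayed_phishing_login(rp, key, handle)


if __name__ == "__main__":
    print(run_demo())
```

The user's action is identical in both runs, which is the point: there is nothing for the victim to get wrong, because the browser, not the person, decides which origin goes into the signed data. Note also that the key refuses to sign without the button press, so a credential cannot be exercised silently by software on the host.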
Dive Insight:
Google introduced a relatively simple solution to a problem that has plagued organizations for years. Rather than verifying account credentials online, the company gave employees a physical device for access.
Changing credentials and introducing physical access — whether that's through a key or GPS location — is part of an emerging shift in identity and access management.
Phishing schemes have become more advanced and malicious. Schemes mimicking authentic emails requesting wire transfers can con organizations out of millions of dollars. And even more malicious attacks gain access to an employee's login credentials and can, from there, spread ransomware through corporate systems.
Some enterprising cybercriminals were even taking advantage of the privacy craze prior to GDPR's deadline and launched phishing emails against unsuspecting users.
In response, organizations have attempted to boost credential security, making password requirements longer with more frequent expirations, to the frustration of many users.
The technology sector is trying to shift away from passwords altogether. The current standard of password hygiene is giving way to biometrics and behavioral insights. Step-up authentication is also coming into vogue as companies require additional authentication procedures when a user's behavior is out of the norm.