Slashdot Mirror


None of Google's 85,000 Employees Have Been Phished in More Than a Year After Company Required Them to Use Physical Security Keys For 2FA (krebsonsecurity.com)

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. From the report: Security Keys are inexpensive USB-based devices that offer an alternative approach to two-factor authentication (2FA), which requires the user to log in to a Web site using something they know (the password) and something they have (e.g., a mobile device). A Google spokesperson said Security Keys now form the basis of all account access at Google. "We have had no reported or confirmed account takeovers since implementing security keys at Google," the spokesperson said. "Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time." The basic idea behind two-factor authentication is that even if thieves manage to phish or steal your password, they still cannot log in to your account unless they also hack or possess that second factor.


  1. When will banks do this? by blindseer · Score: 1, Offtopic

    People are amazed I don't do on-line banking, given my high tech lifestyle and knowledge of computers. I don't do online banking precisely because of what I know of computer security.

    I'll take on-line banking seriously when my bank takes it seriously. That means offering some kind of key for user verification. This might be in the form of one of those pseudo-random number generators I had from a previous employer, a USB key like mentioned in the fine article, or whatever else of similar function that might be out there. I'd like something that I can use from any computer but even if it's limited to my home computer or smart phone then I'd be very pleased. Until then I'm fine with going to the conveniently located brick and mortar bank location and taking advantage of the BTMs (bio-teller machines) inside.

    --
    I am armed because I am free. I am free because I am armed.