If you've been hacked inwards recent years, odds are you roughshod for that perfectly crafted phishing message inwards your email. Even the most mindful individuals tin give notice skid up, but Google's employees get got reportedly had a flawless safety tape for to a greater extent than than a twelvemonth cheers to a recent policy requiring them to purpose physical safety keys.
Krebs on Security reports that inwards early on 2017, Google started requiring its 85,000 employees to purpose a safety fundamental device to handgrip two-factor authentication when logging into their diverse accounts. Rather than merely having a unmarried password, or receiving a secondary access code via text message (or an app such every bit Google Authenticator), the employees had to purpose a traditional password every bit good every bit plug inwards a device that alone they possessed. The results were stellar. From the report:
A Google spokesperson said Security Keys straightaway shape the ground of all draw concern human relationship access at Google.
"We get got had no reported or confirmed draw concern human relationship takeovers since implementing safety keys at Google," the spokesperson said. "Users mightiness endure asked to authenticate using their safety fundamental for many dissimilar apps/reasons. It all depends on the sensitivity of the app as well as the opportunity of the user at that shout out for inwards time."
A Google spokesperson confirmed that arguing when reached past times Gizmodo.
Obviously, Google employees are a prime number target for hackers. Even successfully phishing a low-level worker tin give notice render merely plenty access to larn inwards sensitive systems or render a jumping off shout out for to target an employee amongst deeper access. So, when Google says it weathered mayhap thousands of attacks over a twelvemonth without whatsoever known incident, it's worth perking upwards as well as paying attention.
You belike already purpose two-factor authentication for at to the lowest degree some of your accounts, as well as if non yous sure should. The sentiment is that an extra stride has to endure taken past times anyone trying to access an account. For example, if yous merely had to click that shady link inwards your inbox as well as accidentally handed over your Gmail password to a hacker, they'd however demand to larn the code from a text message or authenticator app to larn far to your account. Before implementing the physical safety fundamental requirement, Google employees used Google Authenticator for that minute layer of protection.
Last year, the fellowship took things a stride farther amongst Universal 2nd Factor Authentication (U2F) via a device similar the pop USB YubiKey. Even those text message codes sent to your telephone tin give notice endure hijacked past times a determined hacker, but a Security Key has to endure physically inserted into the machine you're using. If a hacker actually wanted to larn inwards your files, they'd get got to larn their hands on the device itself.
Until nosotros figure out a better alternative to passwords, U2F is 1 of the best options to protect yourself. Unfortunately, it isn't available everywhere. It merely thence happens to function inwards Google's Chrome browser, thence there's the practiced PR angle. But it tin give notice also endure manually configured inwards Firefox. It tin give notice endure used for apps similar Facebook as well as password managers similar LastPass, every bit well.
Yubico and Feitian are both trusted manufacturers of safety fundamental hardware if you're looking to outset using U2F inwards your day-to-day life. You tin give notice read to a greater extent than nearly getting everything laid up right here.
