Google Keeps Phishing Hacks at Bay with Security Keys

By Joakim Thorén, CEO

We all know strong security requires more than just a user name and password and have long been proponents of the cost-effective nature of smart cards and security keys. Managing those keys and cards (both physical and digital) is the basis of our business, after all!

But it's always nice to hear very positive affirmation of physical security solutions from some of the industry's biggest players. Such affirmation came earlier this month when a Google spokesperson confirmed to KrebsOnSecurity that since the internet giant began using smart keys in early 2017, none of its 85,000 employees have succumbed to a phishing attack.

Phishing attacks are those in which the perpetrator attempts to lure someone into providing information that makes it easier for the hacker to get into that user's system - such as a password or other log-in details. When users also must have a secondary means of egress into the system, such as a one-time code, physical or virtual security card or smart key, hackers have a much more difficult time.

In an article about Google's success with smart keys, Tech Times noted that there have been some hackers recently who have succeeded in intercepting one-time codes, which typically are sent through SMS messages. Whether or not that was Google's reasoning behind moving to the physical smart keys was not discussed in the article.

In research credited to Google, phishing was listed as the greatest and most predominant threat for Google accounts. Other hacking methods that topped the list were keyloggers and third-party breaches.

Want to avoid phishing schemes? Security keys, cards or other means of two-factor authentication are very important, but just as important is letting users know they should NOT respond to suspicious emails (it's unlikely an African king really wants to share his money with you to protect it from overthrowers of his government).

At as little as $20 each, physical security keys and cards from Versasec partners including Gemalto and Yubico, can easily prove their worth. With many breaches costing companies millions of dollars in lost revenues plus even greater damage to their reputations as safe places to do businesses, physical and digital security solutions that incorporate two-factor authentication are truly the way to go.

Google affirmed it, but 2FA's value is worth exploring for all companies, whether behemoths or SMBs. Click on our CHAT button on the Versasec website to discuss how you can implement 2FA in your environment.

Tags: yubico, two-factor, smartcard, authentication, gemalto, cybersecurity, real-time phishing, google.