None of Google's 85,000 employees have been successfully phished in over a year — and it's because of a simple $20 product anyone can use

- Google told Business Insider that none of its employees had been successfully phished since it started requiring them to use security keys to log in.
- Phishing, or using misleading emails to steal passwords, is one of the most common ways people get hacked.
- Google attributes its success to products called security keys, or USB devices that you need in addition to a password to log in to a protected account.
One of the most common ways that people get hacked is called phishing or spearphishing.
Basically, attackers craft an email that looks just like something you'd normally click on, like a bill or an email telling you to change your password. Unsuspecting people click on the link in the phishing email, leading them to a site designed to look legitimate. The victim plugs in their username and password, unwittingly giving it to the attacker. Now there's a good chance that account will be hacked.
Spearphishing was one of the main ways Russian spies were able to break into the Democratic National Committee's network before the 2016 US election, the Justice Department says.
It's a big problem for businesses. You can make sure your computers are as secure as possible, but all it takes is one employee with access to sensitive data who gets fooled by an email to cause a bad breach.
One company, however, seems to have solved the phishing problem: Google. And it's all because of a $20 gadget called a security key, which Google requires its employees to use.
None of Google's 85,000 employees have been successfully phished on their work accounts since it started requiring security keys to log in, the company said.
"We have had no reported or confirmed account takeovers since implementing security keys at Google," Google told Business Insider.
Google started requiring employees to use physical security keys in early 2017, according to Brian Krebs, the security journalist who first reported Google's success against phishing attempts.
Your company may already require you to have two-factor authentication turned on, meaning that when you log in with a username and password, you have to enter a second code, usually texted to you or delivered through an app.
Google took this one step further and required all employees to start using security keys, according to Krebs. Instead of getting a text after entering your password, you merely plug the security key into a USB port on your computer and press a button.
That's a pretty big success for such a large company. Google has a lot of sensitive user data, so it's very encouraging to know its employees aren't getting phished.
You can use a security key with your own Gmail account. YubiKey models compatible with USB, USB-C, and mobile devices are available from Yubico.
In October, Google launched an advanced-protection program involving security keys for people at the highest risk of being phished, including journalists, business leaders, and activists. Google has also worked with various industry groups, such as the FIDO Alliance, to develop security-key technology called U2F.
A 2016 Google study found that text-message or app-based two-factor authentication, sometimes called "one-time password," had an average failure rate of 3%, while the U2F or security-key approach had a 0% failure rate.
There are more details about how Google's approach to authentication and login security is starting to pay off at Krebs on Security.
Source: uk.businessinsider

Latest Jobs
-
- IAM Consultant- OKTA
- Germany
- upto €90,000 plus benefits
-
I am looking for an experienced IAM process Manager to help drive forward a series of IAM implementation for a global Manufacturing business, Ideally you will be skilled with Okta and have knowledge of PAM Solutions, You will be responsible for: Driving the design and continuous improvement of complex IAM solutions in close collaboration with business partners Consult on the optimisation of IAM processes and design proper IT-based solutions to meet availability and quality targets Define technical specifications for SW-development (standards, design patterns, test cases, scenarios) and manage the life cycle of designed solutions Actively scan for relevant innovations and new technologies to identify further potential for improving IAM solutions and processes using OKTA Analyse new features of the regular Okta releases We are looking for someone with strong IAM experience as an Architect, Analyst, Technical Engineer, or similar role in the Identity and Security domain Experience with relevant certifications in development/administration, design and configuration of the Okta IAM platforms Familiar with LCM - joiners, movers, leavers, application federation - SAML, OIDC, SCIM and many other IAM terms Good mix of competences in IAM business process and project management concepts and tools e.g., ServiceNow, Jira, PRINCE2, SCRUM (agile)
-
- SAP Security Consultant
- France
- upto €70,000 plus benefits
-
I am looking for an experienced SAP Security Consultant. The ideal candidate will have a strong understanding of SAP security concepts and be able to apply them to real-world scenarios. ideally you will also have experience with Securitybridge or Onapsis, or a similar SAP security tool. Your responsibilities will include: Reviewing and auditing SAP security settings and controls Identifying and remediating security vulnerabilities Implementing security best practices Educating users on SAP security Experience experience in SAP security Experience with Securitybridge or Onapsis, or a similar SAP security tool would be very advantageous Strong understanding of SAP security concepts Excellent problem-solving and analytical skills Excellent communication and presentation skills Fluent in French & English
-
- Post Grad MSc Cyber security - Junior Cyber Risk Analyst wanted. UK
- United Kingdom
- Entry role
-
The perfect start to your new Cyber Security Career. Post Graduate Cyber Risk Analyst Wanted. Are you are fresh from earning your Cyber Security MSc and eager to start your career in Cyber Security? We are looking for a recent post graduate to join a forward thinking Cyber Security Consultancy for the ideal entry role into Cyber Security. Whilst employed industry experience is not expected, as full training and support will be provided, a history of recent education in Cyber Security / Cyber Risk is essential. We are looking for someone with an inquisitive mind, who is confident to ask the right questions and who isn't afraid to challenge the status quo. Superb communication skills are a must (in person, written and verbal) This is a UK based role that is remote first with monthly travel (1-2 a month) to meet with the team and in time to meet clients. If you aren’t available to travel this isn’t the opportunity. We are unable to provide VISA sponsorship as there will be a requirement to achieve Security clearance If you're adaptable, open to fresh perspectives, and excited to be part of a forward-thinking team and looking for an opportunity to help make a difference in a Cyber consulting role, this opportunity is for you. For more information apply here……
-
- Microsoft Exchange Contractor | London | OUTSIDE IR35 | SC Cleared
- London
- OUTSIDE IR35
-
Microsoft Exchange Contractor | London | OUTSIDE IR35 | SC Cleared • We require someone that has experience of migration exchange from windows server 2012 to 2019. • In depth understand of On-Prem exchange server management and deployment. • Experience migrating On-Prem exchange servers from 2012 upwards. • Secure Email Gateway experience essential Due to the nature of the requirement the individual must be commutable to London 2-3 days a week.