A physical key is the secret to Google employees' online security
Credit:
CNet
It turns out the key to counteracting employee phishing at Google is an actual key.
The company began using physical USB-based security keys in early 2017 and since then, none of its 85,000-plus employees have been phished on their work accounts, Krebs on Security reported last week. The keys serve as an alternative to two-factor authentication, in which users first log into a website using a password and then must enter an additional one-time code that's usually sent to their phone via text or an app.
A Google representative told Krebs on Security that security keys are used for all account access at the company.