Google Boosts Cybersecurity with Security Key Requirement

Google employees have successfully dodged phishing attempts for over a year thanks security keys and two-factor authentication.

• By Sydny Shepard
• Jul 25, 2018

One of the biggest ways companies are infiltrated by hackers is through phishing. Attackers craft an email that looks just like something you'd normally click on, like a bill or an email telling you to change your password but instead the user is giving their information away - making their account vulnerable.

Google seems to have solved this phishing problem with a $20 security key it requires all its employees to use.

None of Google's 85,000 employees have successfully been phished on their work accounts since it started requiring the extra security to log in, the company said.

"We have had no reported or confirmed account takeovers since implementing security keys at Google," the company told Business Insider.

Google took the security of their employee's accounts to the extreme. Usually when employees sign on using two-factor authentication, you put in your username and password and then enter a code that comes through a text or app. Google requires that employees insert a security key instead of the code, bolstering the security of the accounts.

In October, Google launched an advanced protection program involving security keys for people at the highest risk of being phished, including journalists, business leaders and activists. Google has worked with several industry groups, such as the FIDO Alliance, to develop security-key technology called U2F.

A 2016 Google study found that text-message or app-based two-factor authentication, sometimes called "one-time password," had an average failure rate of 3%, while the U2F or security-key approach had a 0% failure rate.