The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Google Eliminated Phishing by Giving All 85,000 Employees USB Security Keys

    Discussion in 'Security and Anti-Virus Software' started by hmscott, Jul 25, 2018.

  1. hmscott

    hmscott Notebook Nobel Laureate

    Google Eliminated Phishing by Giving All 85,000 Employees USB Security Keys
    Ryan Whitwam on July 24, 2018 at 1:53 pm
    https://www.extremetech.com/g00/computing/274067-google-eliminated-phishing-by-giving-all-85000-employees-usb-security-keys?i10c.encReferrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8=&i10c.ua=1&i10c.dv=14

    "We’ve all been trained not to give out our passwords, but online criminals are getting ever more clever. Phishing scams have effectively tricked uncountable people into compromising their online security, and one of the best ways to stop it is two-factor authentication. Even technologically savvy people can be fooled by clever hackers, though. According to Google, it solved the phishing problem by giving everyone a hardware security dongle. They only cost a few bucks, so that’s an amazing deal.
    For the unaware, phishing is simply the practice of stealing sensitive account information by posing as a legitimate entity. For example, a password reset email that appears to be from your bank could simply be trying to fool you into entering your login details on a fake page. Spear phishing is a more targeted version where the attackers go after a specific person or group of people. This is something that Google deals with a lot because its employees have access to a wealth of valuable information.

    Using two-factor authentication makes it vastly more difficult to break into someone’s account. Logging into an account with two-factor requires something you know (your password) and something you have (usually a single-use code).

    Google switched to physical security keys in early 2017 as a replacement for code generators or phone alerts. It says none of its 85,000 employees have been successfully phished since.

    Previously, Googlers used the Google Authenticator app to generate codes for logging into their accounts."

    Heads-up, we have 2-factor login here as well at NBR:
    http://forum.notebookreview.com/account/two-step

    No fancy security key to carry around on your fob, but it's better than nothing. :)
     
    Last edited: Jul 25, 2018
    Primes and Vasudev like this.
  2. Porter

    Porter Notebook Virtuoso

    They need to just move to doing a DNA sample with an eyeball scanner and get it over with. I don't want a dongle at work, the next thing will be needing a dongle for every other thing that needs to be secured (each app or game, online account etc).

    The password thing is so out of date it's crazy. I have hundreds of accounts/passwords so there's no way to know them all and it's getting tiring having to go into a password app with one password just to look up another password all the time. Many times I don't have internet access/limited access or whatever and can't even get to my password file.
     
    Last edited: Jul 25, 2018
    Vasudev and hmscott like this.
  3. Starlight5

    Starlight5 Yes, I'm a cat. What else is there to say, really?

    ... so that criminals extract eyeballs and keep blood samples, aye.
     
    toughasnails and hmscott like this.
  4. hmscott

    hmscott Notebook Nobel Laureate

    Google to sell its own hardware 2FA solution, the Titan Security Key
    Ryne Hager, July 25, 2018
    https://www.androidpolice.com/2018/07/25/google-sell-hardware-2fa-solution-titan-security-key/
    "Google is in full-on enterprise announcement mode, today being the second of three days dedicated to its business-centric Cloud Next conference. One interesting tidbit that's been making the rounds (independently of an announcement at the event itself, so far) is some new security hardware Google plans on selling in its store. This isn't anything so glamorous as a new phone, tablet, or Chromebook, though: They're a pair of hardware 2FA security keys.

    The devices are apparently collectively called the Titan Security Key, and, as noted by 9to5Google, the two keys look pretty much identical to the Feitian ePass FIDO-NFC and MultiPass FIDO. We aren't sure how related this might be to Google's previously announced Titan enterprise security hardware, but CNET was allegedly able to confirm that these will be making use of different hardware.

    This isn't just out of the blue, either. Some of you may remember as far back as Monday when the news broke that none of Google's employees fell prey to phishing attacks since the company switched to hardware 2FA security keys. According to CNET, an earlier version of this key is what they used internally. With less than 10% of Gmail users enabling two-factor security, it's in everyone's best interests to make the switch.

    Details are sparse, and Google's site for the product has more marketing than meat to it, but both of the new keys should support NFC as well. The larger model appears to have a USB-C port for charging and Bluetooth Low Energy support as well, which is a bit out of the ordinary. In fact, Yubico felt the need to point out that it isn't involved with this product at all, although it worked together with Google previously. The company considers BLE a security risk and a power concern, resulting in a poor user experience.
    Odds are FIDO U2F support should be included, but until Google releases more information about the Titan Security Keys, it's anyone's guess.

    Google's motivation behind selling these new keys is, at least partly, price. At $30-100+, hardware 2FA keys with good feature sets can get expensive. According to a quote CNET received from Christiaan Brand, product manager for identity and security at Google, "We're not quite happy where these devices are out of reach for customers who can't afford it. We're thinking that hopefully at some point in time, these keys can be in the sub-$10 range." Hopefully, these Titan keys are on the cheaper side.

    Google is currently selling the new security keys to its Google Cloud customers, but they will soon be available in the Google Store as well. Although enterprise security isn't the sort of thing most people get too excited about, these products will actually be consumer-facing. The more people switch to hardware 2FA, the better."
    Source: Google
    Via: 9to5Google, CNET
     
    Primes and toughasnails like this.
  5. hmscott

    hmscott Notebook Nobel Laureate

    Google's Titan Security Key Explained | CNBC
    CNBC
    Published on Aug 30, 2018
    Google's new $50 Titan Security Key adds extra security to your account, and helps protect Facebook, Dropbox and other services, too, as long as you don't lose it. CNBC's Todd Haselton puts it to the test.
     
    Last edited: Sep 3, 2018
    Primes likes this.
  6. Primes

    Primes Notebook Deity

    I'm tempted to get one, especially since you posted it twice. :p
     
    hmscott likes this.
  7. hmscott

    hmscott Notebook Nobel Laureate

    I tried the Titan Key, the security fob used by 85,000 Google workers
    The Titan Security Key makes logins safe. I just wish it made them easier.
    BY MARK WILSON, 3 MINUTE READ, 09.06.18
    https://www.fastcompany.com/9023215...the-security-fob-used-by-85000-google-workers

    "...
    As it stands now, the Titan Key is a handy piece of technology that’s proven itself at Google, where phishing attacks have literally been eliminated to zero. But it’s not quite the password revolution most of us crave. Why can’t the Titan Key unlock your entire Google experience? Why do we still need a typed password at all?

    The answer is that the Titan Key is based upon a third-party standard, called FIDO, that doesn’t allow it to replace your primary password on an account.

    But there’s good news. That standard is bigger than Google’s accounts–it’s open to any service to join–and on top of that, Google does imagine the Titan Key could be promoted from its two-factor authorization duties to become the primary password replacement we’d all want it to be.

    “[Full password replacement] is part of the next version of the FIDO specification, which Google is actively involved in,” says a spokesperson.

    In other words, one day soon, maybe the Titan Key really will be able to unlock your whole digital life."