Mandatory keys cut successful phishing attacks on Google to zero

Mandatory keys cut successful phishing attacks on Google to zero

KitGuru Says: It's good to see more exposure for the security key, it isn't ideal, but it improves account security significantly.

"Users might be asked to authenticate using their security key for many different apps/reasons", said a Google spokesperson. "It all depends on the sensitivity of the app and the risk of the user at that point in time".

Employees at Google are required to use a physical security key, and have been testing the Titan offering for over a year. So, rather than asking users to enter a password or use a code generated by an app user credentials are provided using a specific piece of hardware. With all the scary exploits going around, 2FA is the way to go to keep your data safe.

The pair of 2FA hardware keys are called the Titan Security Keys with one a USB version and one a Bluetooth version with a USB-C charging port. No special drivers or software are needed. It's also supported in Firefox and many Google services, including Chrome can use U2F. That also means socially engineered hacks which could intercept the (laughably insecure) SMS-based 2FA systems used by many companies would have no effect on someone using a hardware key. Duo Security [full disclosure: an advertiser on this site] also can be set up to work with U2F. According to the report, security keys function on a multi-factor authentication known as Universal 2nd Factor (U2F). The beauty of WebAuthn is that it eliminates the need for users to constantly type in their passwords, which negates the threat from common password-stealing methods like phishing and man-in-the-middle attacks. Trying to hack someone with this security setup isn't easy, but it can still be done. Microsoft will update Edge later this year for support and there is no word on if Apple will support it.

Erdogan to attend BRICS summit in South Africa and meet with Putin
The currency crisis complicates the outlook for Turkey's economy, given the country's US$300 billion in foreign corporate debt. The Borsa Istanbul 100 Index of Turkish stocks extended declines after the central bank announcement, sliding 3.3 per cent.

The advanced protection features include an option to require a physical USB security key to connect to a desktop computer before each log-in as a way to verify a user's identity.

Google has build a physical security key, which has been priced $20-$25 or Rs 1300 to Rs 1700 in INR. It will be available soon in the Google Store and aims to offer "the strongest, most phishing-resistant authentication factor". Google now plans to share some of the security capabilities it developed to protect its own assets with Google Cloud customers.

Ehrensvard said that Yubico will welcome all competitors in the security key industry but noted that it has decided not to launch a Bluetooth product because it does not meet the company's security standards. The trouble will be getting people to use one.

Related Articles