Multifactor authentication is an important part of keeping your accounts secure online. Often a second factor is the only thing protecting your accounts should a service suffer a data breach. Google has taken a similar approach for its employees but with U2F or Universal 2nd Factor, using a security key that has completely neutralised the threat of phishing on their networks.
Krebs on Security reports that since Google rolled out YubiKeys to 85,000 of their employees, there has been not one documented case of phishing taking place on their network. “We have had no reported or confirmed account takeovers since implementing security keys at Google,” explained the spokesperson. “Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time.”
U2F allows the user to simply plug in their Security Key and press a button on the device to log into their accounts (on a Security Key supported website). The key also works without needing to install any software or drivers. If the Security Key is present, the user will be able to log into any website that is attached to the device.
The YubiKey is a relatively inexpensive device, costing just £18 for the basic key. There are also slimline and Type-C models available.
KitGuru Says: The evidence says a lot, and it will be interesting to see if Security Keys and U2F take off for more than just companies. Do you use a Security Key?