The key to securing your office computer just might come in the form of an actual physical key: a USB-based security dongle that you can plug into your PC to access your account.
In 2017, Google deployed the physical keys to 85,000 employees – and since then the company has reportedly staved off phishing attacks against Googlers, cybersecurity expert Brian Krebs reported.
“We have had no reported or confirmed account takeovers since implementing security keys at Google,” a representative from the company told Krebs.
Even if hackers manage to steal or hack your password, they will still be barred from the account without that key.
This makes it ideal for managing workers’ access to proprietary documents and enterprise tools. As data privacy regulations become stricter across regions, the key provides an extra layer of security to fence off employee data and other digital files from prying eyes.
Now, Google is looking to sell the product as the Titan Security Key through its online store in the next few months.
Google’s security keys are an alternative to the usual two-factor authentication (2FA) method already being used by Gmail, Facebook, and Dropbox. 2FA uses a combination of two security measures to verify a user’s identity during login.
If you’re accessing your mailbox, for instance, you might be required to input your password plus a one-time code (often sent to you via SMS) to serve as a secondary requirement for login.
The technology and technique are nothing new. The only difference is that Google employees are required to use a physical dongle as a secondary verification factor (also dubbed Universal 2nd Factor or U2F). Users simply need to insert the key and press a button on it once they’ve enrolled the key for accessing certain sites, Krebs explained.
“Users might be asked to authenticate using their security key for many different apps/reasons,” the Google representative said. “It all depends on the sensitivity of the app and the risk of the user at that point.”