Google might have just made itself the biggest example of how security keys can work better than other forms of multi-factor authentication. According to Krebs on Security, ever since the tech giant required over 85,000 of its employees to use physical security keys instead of one-time codes in 2017, it hasn't had a single case of account takeover from phishing. "We have had no reported or confirmed account takeovers since implementing security keys at Google," a company spokesperson said. "Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time."