universal2ndfactor
Latest
Mandatory keys cut successful phishing attacks on Google to zero
Google might have just made itself the biggest example of how security keys can work better than other forms of multi-factor authentication. According to Krebs on Security, ever since the tech giant required over 85,000 of its employees to use physical security keys instead of one-time codes in 2017, it hasn't had a single case of account takeover from phishing. "We have had no reported or confirmed account takeovers since implementing security keys at Google," a company spokesperson said. "Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time."
