Google ‘kills’ phishing stone dead with 2FA FIDO security keys

That’s the way (ah-huh ah-huh) I lock it…

REMEMBER a couple of months ago, before the great firestorm that scorched grass and made tube travel feel as the coming of sweaty chimps?

Yeah, well, we ran a competition then, you know, the cold times, and you could win a Yubikey designed to make accessing your online accounts more secure.

Google, a vocal advocate of Yubikey (and, in its wider form, the FIDO Alliance standard), has been putting its dongles where its mouth would be if it had a mouth, which is impossible as it is a company, not a person. But we digress…

Google gave its employees Yubikeys and told them they’d have to use them to access their company accounts, so there.

They have, and did, and the results were amazing.

No one – yes – that’s zero people, or nought per cent, succumbed to a phishing attack once the security key policy was introduced.

That is to say, nobody clicked on a dodgy link that might have otherwise given away log-in details and let bad actors get access to Google’s systems.

It’s probably worth saying what we’re all thinking – if you’re the type of person that is prone to falling for phishing attacks, then you’re possibly not Google material anyway, but that said, we can all be fooled once in a while.

Smouldering security boffin Brian Krebs first reported the initiative back in February, just over a year after the initial rollout.

Although it takes a change of behaviour in the end user, the results speak for themselves. Unlike other forms of two-factor authentication (2FA), there are no emails or text messages with second codes to be generated.

There are ways to get in if you’ve lost your key, but they need to have been set up from the outset – otherwise, access to the account is, to all intents and purposes, completely impossible.

We’ve been using Yubico’s keys for a while now (other brands are available, for the record) and with a wider range of big names already participating in the scheme, it’s certainly started to make for a more reassuring web environment.

More worrying is that both Microsoft Edge and Apple Safari are yet to add support for FIDO keys – though Microsoft says it’s coming soon. Windows Hello can accept Yubikeys as authentication for your computer, however.


(Disclaimer: we’re not getting paid to promote Yubico – we genuinely love and use the product)

Source: Inquirer

