Tech Giant Google Now Turns To Physical Locks For Security
As the EU slaps Google with a $5 billion fine resulting from an Android antitrust case, the search giant is now set to become the first company ever to secure its employee data files against phishing using a physical lock. Google, an 85,000+ employee strong organization, is rolling-out a physical security device known as a “dongle” for all its staff, with the hopes of lessening their dependence on passwords on respective office computers.
Despite being a staple in the world of access control, passwords are not always convenient in an age where scammers now make a living out of social engineering and phishing attacks. By deceiving users into inputting their personal information, these cybercriminals have managed to wreak havoc on password security. For example, a good phishing email might notify a user of some fraudulent activity on their bank account and request they input their personally-identifiable data in order to resolve the issue. But no real bank would ever send out such a communication, as they have already encrypted their customer data and stored in on a secure database.
As Google’s market presence has increased over the last twenty years, their employees have become increasingly exposed to more customers than ever before. This has increasingly exposed them to various phishing attempts, more so than other, smaller companies. With the two-factor authentication system implemented by the physical security dongle, Google employees cannot access their work computers and various Google systems without the physical possession of this device. These “Googlers,” as they are often called, possess a great deal of private Google tech information, and like any other tech giant, their employees must sign a non-disclosure agreement prior to their employment.
The physical security dongle is set to replace the internal use of Google Authenticator within the organization. Google Authenticator is a Google App for providing a 3rd party two-factor authentication login for many web services that support it. While conveniently effective, for the Googlers, a physical device is much more private and creates an efficient atmosphere of “something I possess” mantra.
The physical security dongle is from YubiKeys; it creates and saves a special token on a tiny USB device. It supports Plug&Play technology, enabling easy installation, setup, and usage. The technology both supports the new Type-C connector and the old USB connector + NFC for those that want to use it with their mobile device.
Security keys are not exclusive to corporate security devices but can be bought online and used for many web services like Github, LastPass, Dropbox and etc. Mainstream versions of Firefox, Chrome, and Opera also support the security dongle device. As of this writing, there has been no news that Google was affected by any data breach or phishing attacks.