This article details recent news about tech giant Google maintained security using physical security keys.
We totally called it in our article about Star Wars and cryptography: location and physical security are the ways of cryptographic future.
News slipped last week that Google is using physical security keys to avoid phishing.
How can the physical security strategy help in our everyday lives?
Why Google Adopted Physical Security Keys
Many people know that one of the key ways to “hack” people involves phishing. Here’s a quick refresher for those who need it:
- You receive a suspicious or semi-official looking email asking for information
- Both of these kinds of emails require you to give up sensitive information such as passwords, credit card information, etc.
- You get phished when you give up any sensitive information.
Naturally, Google wanted its employees to avoid this at all possible costs.
As early as 2017, Google instated a rule that all employees had to use two-factor authentication via a security key device. Krebs on Security reported that the ~85,000 employees must use regular passwords AND a plug-in device unique to them.
“We have had no reported or confirmed account takeovers since implementing security keys at Google. Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time.” – Google Spokesperson to Krebs on Security
Regular two-factor authentication is still susceptible to vulnerabilities, so Google took the next step. Universal 2nd Factor Authentication (U2F) is the next real wave in security.
Location and Physical Security in an IoT Time
The biggest issue with security in the Star Wars universe, as we pointed out, is that it required remote locations and seemingly dated physical technology.
In order to prevent hacking (if that universe has it), bases such as the one on Scarif might have required intranets as opposed to traditional internets with significant vulnerabilities.
While Google’s adoption of physical security is good, having no possible connection risks is the ultimate way to protect your data. Unfortunately, not having internet in your everyday life is not terribly realistic.
Just like Google, you can adopt U2F technology thanks to companies like Yubico or Feitian. The Yubikey product happens to integrate seamlessly with Google Chrome, but you can set it up manually with Firefox, too.
For now, in our universe, physical security generally relates to key cards and the like. In time, U2F technology will become more ubiquitous and hackers may adapt as well.