With the recent changes to data protection law, businesses small and large will be on their best behaviour to avoid any data breaches that could result in costly fines. Though small companies with more lax processes and security measures can be more at risk to breaches, large companies can face a whole new breed of problems. For example, employees of big name brands such as Google can run the risk of having their accounts hijacked.
Fortunately for Google, by implementing a new security measure, the company has managed to prevent any of its employees' accounts from being hacked by third parties since the policy was implemented. They’ve achieved this through two-factor authentication.
What is two-factor authentication?
We’ve previously talked about how you can implement two-factor authentication (2FA) on your Google account, though this security measure is not exclusive to Google. Many other websites with an interest in protecting your personal information now have the option to use 2FA, including social media websites, email service providers and financial accounts.
Essentially, 2FA is a process that introduces an extra layer of security into the usual login process for an account or service. You’ll still use a username and password to access a platform that’s using 2FA, but you’ll also use a secondary means of authentication. This reduces the chance of a third-party hacker being able to access your account.
This secondary security measure can take several forms. In most cases, it’ll be a code that’s sent by text message or email, especially if you’re logging in on a device that isn’t recognised for the first time. However, it could also be an application that’s installed on your mobile phone, or in this case, another separate physical item that you carry around with you.
Google’s security changes
Back in 2017, Google began rolling out physical USB security keys to all its 85,000 members of staff. This was to form the new account access process for anybody working within the company. It’s reported that the driving factor behind these changes related to the recent high-profile hacking of political email accounts within the U.S. Google issued the below statement:
'We have had no reported or confirmed account takeovers since implementing security keys at Google (…) Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time.'
This security key uses a slightly different form of 2FA, known as U2F, or Universal 2nd Factor. Unlike a code that's sent to your mobile phone or email inbox, the USB key can simply be inserted into a computer. A growing number of websites are beginning to support this type of authentication, with Facebook and Google already on board.
There are advantages and disadvantages to using a physical key such as this. For example, if you’re using a code that’s sent to your email inbox, you could still be at risk if your email inbox has also been compromised. However, with a physical key that’s kept on your person, it’s very unlikely than an online stranger could get hold of the object. The disadvantage is that you must be reliable enough not to misplace your security key. Even if it doesn’t fall into the wrong hands, you’ll be locked out without it.
How this relates to you and your security
With the continuous increase in cyber criminals, it doesn’t hurt to put an additional layer of security between them and your personal information. It’s worth setting up 2FA on any account that supports it. What’s more, Google aren’t using any specialist, insider tech to achieve their security goals. You can pick up the same type of USB security devices on Amazon. Simply go to Google and find out how you can get your hands on a key.
Worried about your security?
Though U2F is a relatively new concept, you can still use the tried and tested 2FA, or two-factor authentication to secure a range of your personal accounts, particularly those that contain the largest amount of personal, identifiable data about you.
If you’re interested in finding out how to set up more security measures with a service like Google, then you can get in touch with WiseGuys on 0808 123 2820. We can also provide advice on other security best practices, such as avoiding public Wi-Fi networks and installing a VPN on your mobile.