U2F Security Keys Show Extreme Effectiveness Against Phishing

[Lucian Armasu]

Google said that it hasn't suffered a successful phishing attack against any of its employees for the past year due to the mandatory use of U2F security keys.

U2F Security Keys Show Extreme Effectiveness Against Phishing : Read more

 

[techy1966]

Problem is once it goes main stream if ever it draws the attention of those that like to find ways to bypass security etc at which point we will see yet another security product go down the drain because it does not matter how good a product or security is there will always be someone that has the skill set to get around it.

 

[tacgnol06]

I don't know, Techy1966. At that point, it's a question of how difficult the bypass is to use. If it's any harder than "trivial", then you're still protected against casual attempts, which is to say the vast majority of them.

 

[mrjhh]

At some point, people will lose or break their U2F key, and how does one authenticate the person asking for a replacement? Someone like Google can enforce requiring an employee come to the office to get a replacement, and match the picture taken when they joined Google to the person. This does not scale, as at some point, weak links in personal identification will be found. Wetware is always the weakest link in any security scheme.