Google releases study on security keys
04 March, 2016
category: Corporate, Digital ID
One of the biggest obstacles when it comes to securing identities online and multi-factor authentication is ease of use. Yes, there are always obstacles when it comes to deploying solutions but making sure people keep using the technology is a challenge.
Google released a two-year study on the use of FIDO U2F-based Security Keys, manufactured by Yubico, to harden security, improve user satisfaction, and cut support costs. The device has been rolled out to 50,000 Google employees.
The study compares other two-factor authentication schemes tested by Google and showed the Security Key has been simple easy to implement, deploy and use, as well as preserve privacy and be secure against attackers.
Highlights from the report include:
- Quicker to authenticate: Users reduced the time to authenticate with a Security Key by two-thirds, opposed to an OTP via SMS.
- No authentication failures: In Google’s rollout, authentication failures fell to zero, meaning thousands of hours saved in help desk costs for password recovery. This savings enabled Google to give each employee two Security Keys and still realize overall cost reductions.
- Privacy enhancing: The Security Keys met Google’s requirements that mandated simple APIs for developers, no user tracking, no identifiable user information on token as well as protection against password reuse, phishing and man-in-the-middle attacks.
Google referenced other technology that it revewied in the research. These included OTPs, mobile phones, smart cards, TLS client certificates and national ID cards.