$20 Worth of Security Keeps Google Safe

KrebsonSecurity recently released an article stating that out of Google’s 85,000+ employees, none have been phished since 2017. The reason given for this success is the use of Multifactor Authentication. Specifically, Google has required their employees to use USB security keys as authentication. These USB keys cost $20 per device.


Let’s take a minute to get the rest of the class up to speed on what Multifactor Authentication (MFA) is. The typical login process involves entering your account name and then a password or phrase to access the resources you wish to use. The various pitfalls of this method are well known. The most famous of which is having your password stolen. Thieves have devised various ways to pilfer passwords using strategies such as keyloggers for exploiting software bugs or simply asking for passwords via social engineering techniques. MFA was invented to require one more step to access an account. This next step is usually in the form of having a code to enter after you input the correct login name and password. This code can be supplied in various ways. You could use a hardware code token, a device you carry with you that displays a code, that is attached to your account so that the code displayed at login is entered allowing access. You could use a software token which is usually an app on your phone that will provide a code to enter after the login/password entry. Or you could receive a text or email from a code provider. All of these require a physical device providing a code as another step to the login process. Without possession of the physical device, you cannot gain access.


Google’s use of the USB stick has protected their enterprise extremely well since 2017. There are various providers of MFA solutions. At Synergy, we highly recommend using Multifactor Authentication for all password protected resources. Microsoft Authenticator integrates completely with Office 365 offerings and other Microsoft products. Much like Google Authenticator, they can both be used to access various resources on the web. This protection works very well and stops thieves cold even if they possess your password. If you want to avoid having your organization compromised by one link to one user, contact us and we’ll be glad to help you implement Multifactor Authentication for your Enterprise.


By: Jason Ledford

  • White LinkedIn Icon

© Copyright 2020

by Synergy Technical

Corporate Headquarters

2201 West Broad St.

Suite 100

Richmond, VA 23220

DC Office

1300 I St. NW

Suite 400E

Washington, DC 20005

New York Office

101 Avenue of the Americas

8th Floor

New York City, NY 10013

North Carolina Office

4242 Six Forks Rd.

Suite 1550

Raleigh, NC 27609

Georgia Office

715 Peachtree St. NE

Suite 100

Atlanta, GA 30308