Google: Security Keys Neutralized Employee Phishing. Really?
Recent press reports tell us that Google has solved the phishing problem. These stories trace their source back to a posting on KrebsonSecurity dated July 23, 2018, entitled Google: Security Keys Neutralized Employee Phishing. Krebs summarizes the solution: The basic idea behind two-factor authentication is that even if thieves manage to phish or steal your password, they still cannot log in to your account unless they also hack or possess that second factor. This is clearly an important protection against a particular subset of the phishing problem -- use of stolen credentials. But it hardly neutralizes phishing. The day after describing [...]