Google's Secret to Avoid Phishing? A Physical Key.

Mott Jordan/Shutterstock.com

The security tech has been adopted by every employee.

Phishing can have dire consequences for you and your data, and the stakes are even higher if you work at a high-profile company like Google. 

The tech giant adopted a new tactic to keep their employees' info safe: physical USB security keys. The company claims that the 85,000 employees haven't experienced a phishing incident since it started using the keys, Krebs on Security reports.

"We have had no reported or confirmed account takeovers since implementing security keys at Google,” a Google spokesperson told Krebs. “Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time.”

The physical USB security keys act as a beefed-up alternative to traditional two-factor authentication. Instead of entering a password and then entering a code sent to a mobile device via text message, the user will log in by plugging in the USB key and pressing a button to gain account access. If hackers were to get ahold of user passwords, they wouldn't be able to do anything with them without the key.

If this form of security interests you personally, you can buy a key for yourself from a site like Yubico but not every site supports physical keys. Adoption, however, is growing.

Large sites such as Dropbox, Facebook and Github support security keys, as well as multiple web browsers, including Chrome, Firefox and Opera. Even the Defense Department is looking to add a physical component to identity verification.

And even with a physical security key, it's still important to create and use strong passwords, especially for your email and financial accounts.