After a two-year evaluation of one-time passwords (OTPs), TLS certificates, smart cards and other authentication methods, Google confirmed that FIDO U2F Security Keys were best suited to deliver on the company’s security and usability needs. Shortly thereafter, Google expanded its deployment of the YubiKey to all staff and contractors for secure computer and server login, reaching more than 70,000 employees to date.
Google’s two year study to measure the business impact of hardware-based authentication highlighted several important benefits:
- Increased Security: Account takeovers were eliminated for internal accounts protected solely with a YubiKey and FIDO U2F.
- Accelerated Employee Productivity: Employees saw a significant reduction — by nearly 50 percent — of the time to authenticate using a YubiKey compared with using a one-time password (OTP) via SMS. Logins were nearly four times faster when comparing the YubiKey to Google Authenticator. The time saving is primarily due to the one-touch YubiKey authentication that executes in milliseconds.
- Reduced support: Compared to using a phone for authentication, YubiKeys were found to be easy to use, robust in design, waterproof and did not easily break. The YubiKey also allowed for issuing multiple backups to each employee, including one YubiKey nano designed to sit inside the user’s laptop and one YubiKey designed for a keychain. Google found support calls dropped, with 92% reduction in support incidents, saving thousands of hours per year in support costs. Furthermore, authentication failures are estimated at zero.
- Lowered Cost of Ownership: The combined security, usability, and workflow efficiencies of the YubiKey, allowed Google to give each employee multiple YubiKeys and still realize overall cost reductions.