• Contact Sales
  • Subscription
  • Resellers
  • Support
Yubico Header Text LogoYubico Header Text Logo
Why Yubicoexpand_more
Why Yubico
  • Enterprises
  • SMBs
  • Individuals
  • Developers
  • Careers
  • Partner programs
  • Affiliate program
  • Contact Sales
  • Events
  • Press room
  • Yubico Blog
  • Yubico Executive Connect
  • About us
  • The team
  • Innovation history
  • Secure it Forward
Easy-to-use, secure authentication

With YubiKey there’s no tradeoff between great security and usability

Why YubiKey
  • account takeovers
  • Google
  • U2F
Proven at scale at Google

Google defends against account takeovers and reduces IT costs

Google Case Study
  • account takeovers
  • Google
  • U2F
Protecting vulnerable organizations

Secure it Forward: One YubiKey donated for every 20 sold

Learn about Secure it Forward
  • account takeovers
  • Google
  • U2F
Productsexpand_more
All products
  • YubiKey 5 Series
  • YubiKey 5 FIPS Series
  • YubiKey Bio Series
  • Security Key Series
  • YubiKey 5 CSPN Series
  • YubiHSM 2 & YubiHSM 2 FIPS
  • YubiEnterprise Subscription
  • YubiEnterprise Delivery
  • Yubico Authenticator
  • Computer login tools
  • Software Development Toolkits
  • YubiCloud
  • Using YubiKey is easy
  • Find the right YubiKey
  • Works with YubiKey
  • Compare YubiKeys
One key for hundreds of apps and services

YubiKey works out-of-the-box and has no client software or battery

Yubico protects you
  • account takeovers
  • Google
  • U2F
See YubiKeys as a Service
YubiEnterprise Subscription delivers scale and savings

Gain a future-proofed solution and faster MFA rollouts

See YubiKeys as a Service
  • account takeovers
  • Google
  • U2F
Solutionsexpand_more
Solutions overview
  • Zero Trust
  • Executive Order OMB M-22-09
  • Phishing-resistant MFA
  • Passwordless
  • Compliance
  • Cyber Insurance
  • Secure supply chain
  • Hybrid & remote workers
  • Secure privileged users
  • Mobile restricted environments
  • Call centers
  • Shared workstations
  • Microsoft ecosystem
  • Salesforce workspace
  • IAM solutions
  • AWS environment
The Bridge to Passwordless

Begin the journey to make your organization passwordless

Get the white paper
  • account takeovers
  • Google
  • U2F
Accelerate your Zero Trust Strategy

7 best strong authentication practices to jumpstart your Zero Trust program

Get the white paper
  • account takeovers
  • Google
  • U2F
Federal cybersecurity requirements

See guidance for CIOs and leaders to prepare for the modern cyber threat era

See Gartner® Report
  • account takeovers
  • Google
  • U2F
Industriesexpand_more
Industries overview
  • High tech
  • Federal government
  • State & local government
  • Education
  • Financial services
  • Manufacturing
  • Energy & natural resources
  • Retail & hospitality
  • Telecommunications
  • Healthcare
  • Pharmaceuticals
  • Cryptocurrency
  • Elections & campaigns
Manufacturing and supply chain security

Authentication best practices for manufacturing using highest-assurance security

Get the white paper
  • account takeovers
  • Google
  • U2F
Phishing-resistant MFA: Fact vs. Fiction

Meet requirements for phishing-resistant MFA in OMB M-22-09 guidelines

Get the white paper
  • account takeovers
  • Google
  • U2F
Secure energy and natural resources from cyber threats

Best practices for phishing-resistant MFA to safeguard your critical infrastructure

Get the white paper
  • account takeovers
  • Google
  • U2F
Resourcesexpand_more
All resources
  • Yubico Blog
  • Cybersecurity glossary
  • Authentication standards
  • Resource library
  • Developer program
  • Product briefs
  • Solution briefs
  • COVID-19 Resources
  • Case studies
  • Get a pilot started
  • White papers and reports
  • Webinars
BeyondTrust: secured with a subscription

A global leader in Privileged Access Management adopts YubiEnterprise Subscription to simplify its deployment.

How they optimized ROI
  • account takeovers
  • Google
  • U2F
Accelerate your Zero Trust Strategy

7 best strong authentication practices to jumpstart your Zero Trust program

Get the white paper
  • account takeovers
  • Google
  • U2F
Secure shared workstations against cyber threats

Shared workstations can be secured with phishing-resistant MFA.

Get the white paper
  • account takeovers
  • Google
  • U2F
Supportexpand_more
Support home
  • Find the right YubiKey
  • Set up your YubiKey
  • Downloads
  • Product documentation
  • Support articles
  • Support Services
  • Professional Services
  • YubiEnterprise Subscription
  • Sitemap
  • Cookies
  • Legal
  • Privacy
  • Patents
  • Terms of use
  • Trust
How to set up your YubiKey

Follow our guided tutorials to start protecting your favorite services.

Set up your YubiKey
  • account takeovers
  • Google
  • U2F
Find the best YubiKey for your needs

Take the guided quiz and see which YubiKey best fits your or your businesses needs.

Take the quiz
  • account takeovers
  • Google
  • U2F
Accelerate your YubiKey deployment

Technical and operational guidance for your YubiKey implementation and rollout.

Professional Services
  • account takeovers
  • Google
  • U2F
SubscribeStore
  • Home » Resources » Reference customers » Google defends against account takeovers and reduces IT costs

    Google defends against account takeovers and reduces IT costs

    YubiKeys protect Google employees since 2009.
    Home » Resources » Reference customers » Google defends against account takeovers and reduces IT costs
    Heightened security
    Accelerated employee productivity
    Reduced support

    About our customer Google

    In 1998, Google was founded with one mission: organize the world’s information and make it universally accessible and useful. Since then, the company has focused on developing services to significantly improve the lives of as many people as possible, and today, Google is a global Fortune 50 company considered to be one of the leading internet companies in the world. For an innovative technology company, such as Google, the need to ensure that online access to confidential information is restricted to approved employees and contractors is critical to the company’s success.


    Key results:

    • Heightened security
    • Accelerated employee productivity
    • Reduced support
    • Lowered cost of ownership

    Contact Sales

    The results from Yubico’s resolution

    In 2009 Google was the target of sophisticated cyber attacks capable of circumventing traditional security controls. With a lack of viable two-factor authentication (2FA) options to effectively prevent these attacks and account takeovers, Google began working closely with Yubico to extend the capabilities of the YubiKey two factor authentication technology to also include public key cryptography. Through this collaboration, Yubico and Google co-created a strong authentication protocol based on the concept of a single phishing-resistant key to secure all services. It is this work that later became an open standard adopted by the FIDO alliance called the FIDO Universal 2nd Factor (U2F) standard

    One single YubiKey can secure a multitude of online services with no user information or private keys shared between the service providers. There is no reliance or requirement for mobile connectivity, cellular devices, mobile apps or manual code entry.

    Overcoming account takeovers

    After a two-year evaluation of one-time passwords (OTPs), TLS certificates, smart cards and other authentication methods, Google confirmed that FIDO U2F Security Keys were best suited to deliver on the company’s security and usability needs. Shortly thereafter, Google expanded its deployment of the YubiKey to all staff and contractors for secure computer and server login, reaching more than 50,000 employees.

    Google’s two year study to measure the business impact of hardware-based authentication highlighted several important benefits:

    • Heightened security: Internal accounts protected solely with a YubiKey and FIDO U2F have experienced a significant increase in the level of security.
    • Accelerated employee productivity: Employees saw a significant reduction — by nearly 50 percent — of the time to authenticate using a YubiKey compared with using a one-time password (OTP) via SMS. Logins were nearly four times faster when comparing the YubiKey to Google Authenticator. The time saving is primarily due to the one-touch YubiKey authentication that executes in milliseconds.
    • Reduced support:  Compared to using a phone for authentication, YubiKeys were found to be easy to use, robust in design, waterproof and did not easily break. The YubiKey also allowed for issuing multiple backups to each employee, including one YubiKey nano designed to sit inside the user’s laptop and one YubiKey designed for a keychain. Google found support calls dropped, with 92% reduction in support incidents, saving thousands of hours per year in support costs. Furthermore, authentication failures are estimated at zero.
    • Lowered cost of ownership: The combined security, usability, and workflow efficiencies of the YubiKey, allowed Google to give each employee multiple YubiKeys and still realize overall cost reductions.
    “We believe that by using this token we’ve raised the standard of security for our employees beyond what was commercially available. The device works with Google’s Web browser Chrome, and works very seamlessly for people in their day-to-day workflow here at Google.”
    Mayank UpadhyayDirector of Security Engineering, Google Inc.

    Protecting employees and customers with strong 2FA

    Today, Google not only protects employees with the YubiKey but has also integrated support for the YubiKey and FIDO U2F security keys into the available security protections for all Google users. Any user with a Google account can now protect themselves from advanced phishing and benefit from the strong authentication provided by the YubiKey.

    The strongest defense against phishing

    Most recently in October 2017, Google launched its Advanced Protection Program (GAPP) for those users at highest risk including journalists, business leaders and political campaign teams. The GAPP program further tightens up security for Google account users by requiring the use of hardware-backed FIDO U2F security keys for secure login versus making them optional. To provide the strongest defense against phishing, Advanced Protection goes beyond traditional 2-Step Verification. Participants in GAPP are required to sign into your account with a password and a physical security key ie the YubiKey. Other authentication factors, including codes sent via SMS or the Google Authenticator app, will no longer work, since these forms of 2FA have been shown to be phishable.

    Protecting adwords customers

    Google has also highlighted the benefits of protecting Adwords accounts with the YubiKey, In 2016, Google published a blog highlighting how two digital marketing agencies, Jellyfish and iProspect, protect their AdWords accounts, customers, and revenue using the YubiKey.

    Modern authentication at scale

    Google is a leading technology company with innovation and invention at its core. Working in collaboration with Yubico, Google was critical in defining the open standard for strong authentication now known as the FIDO U2F standard. Today, U2F offers over one billion Gmail users and all Google employees, strong phishing-resistant two-factor authentication to protect personal data and secure access to the Internet. Security keys have led to no confirmed account takeovers and greater user satisfaction since deployment at scale.

    Sources

    Google defends against account takeovers and reduces IT costs.pdf
Yubico Footer Text Logo
  • RSS
  • Twitter
  • LinkedIn
  • Facebook
  • Instagram
  • YouTube
  • GitHub
  • Product finder quiz
  • Find set-up guides
  • Buy online
  • Contact sales
  • Get Yubico updates
  • Careers
  • Events
  • Press room
  • About us
  • Partner programs
  • Affiliate program
  • YubiKey 5 Series
  • YubiKey 5 FIPS Series
  • YubiKey Bio Series
  • Security Key Series
  • YubiKey 5 CSPN Series
  • YubiHSM 2 & YubiHSM 2 FIPS
  • YubiEnterprise Subscription
  • YubiEnterprise Delivery
  • Yubico Authenticator
  • Zero Trust
  • Phishing-resistant MFA
  • Passwordless
  • Cyber insurance
  • More solutions
  • Industries overview
  • Yubico blog
  • Resource library
  • Cybersecurity glossary
  • Authentication standards
  • Developer program
  • Works with YubiKey
  • Help center
  • Downloads
  • Product documentation
  • Support Services
  • Professional Services
  • Professional Services
  • Contact support
Yubico © 2023 All Rights Reserved.
  • Sitemap
  • Cookies
  • Legal
  • Privacy
  • Patents
  • Terms of use
  • Trust
We use cookies to ensure that you get the best experience on our site and to present relevant content and advertising. By browsing this site without restricting the use of cookies, you consent to our and third party use of cookies as set out in our Cookie Notice.

PreferencesAccept all
Yubico Privacy and Cookies Policy

Privacy Overview

Yubico.com uses cookies to improve your experience while navigating through the website. When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually identify you, but it can give you a more personalized web experience.

Because we respect your right to privacy, you can choose not to allow some types of cookies.

Click on the different category headings to find out more and change our default settings.

Blocking some types of cookies may impact your experience on our site and the services we are able to offer.
Strictly necessary cookies
Always Enabled

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Functional cookies

These cookies enable the website to provide enhanced functionality and personalization. They may set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Performance cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

Targeting cookies

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Uncategorized

Undefined cookies are those that are being analyzed and have not been classified into a category as yet.

Matomo Anonymized Tracking
Save & Accept