https://www.cnet.com/news/physical-key-is-the-secret-to-google-employees-online-security/ > It turns out the key to counteracting employee phishing at Google is an actual key.  > The company began using physical USB-based security keys in early 2017 and since then, none of its 85,000-plus employees have been phished on their work accounts, Krebs on Security reported last week. The keys serve as an alternative to two-factor authentication, in which users first log into a website using a password and then must enter an additional one-time code that's usually sent to their phone via text or an app.