Case Study: Google achieves phishing-resistant employee authentication and 92% fewer support incidents with Yubico YubiKey

Google defends against account takeovers and reduces IT costs

Google, a global technology company founded in 1998, faced sophisticated account takeover attacks in 2009 that could circumvent traditional controls and exposed the lack of viable two‑factor options. Google partnered with Yubico to extend YubiKey technology using public‑key cryptography, co‑creating the phishing‑resistant FIDO U2F standard to secure employee and user access without relying on mobile connectivity or manual code entry.

Google deployed YubiKeys to more than 50,000 employees and integrated support for security keys across its services, including the Advanced Protection Program. The hardware tokens delivered measurable benefits: logins were nearly four times faster than using Google Authenticator and about 50% faster than SMS OTPs, support incidents fell by 92%, authentication failures were effectively zero, no confirmed account takeovers occurred, and overall ownership costs decreased as employees received multiple backup keys.

Google

Mayank Upadhyay

Director of Security Engineering